forked from inveniosoftware/invenio-access
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* fix role instantiation * closes inveniosoftware/invenio-app-rdm#2186 Co-authored-by: jrcastro2 <[email protected]>
- Loading branch information
Showing
9 changed files
with
1,013 additions
and
910 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
40 changes: 40 additions & 0 deletions
40
invenio_access/alembic/842a62b56e60_change_fk_accountsrole_to_string_downgrade.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
# This file is part of Invenio. | ||
# Copyright (C) 2023 CERN. | ||
# | ||
# Invenio is free software; you can redistribute it and/or modify it | ||
# under the terms of the MIT License; see LICENSE file for more details. | ||
|
||
"""Change FK AccountsRole to string (downgrade recipe).""" | ||
|
||
import sqlalchemy as sa | ||
from alembic import op | ||
|
||
# revision identifiers, used by Alembic. | ||
revision = "842a62b56e60" | ||
down_revision = "04480be1593e" | ||
branch_labels = () | ||
depends_on = None | ||
|
||
|
||
def upgrade(): | ||
"""Upgrade database.""" | ||
pass | ||
|
||
|
||
def downgrade(): | ||
"""Downgrade database.""" | ||
op.alter_column( | ||
"access_actionsroles", | ||
"role_id", | ||
existing_type=sa.String(80), | ||
type_=sa.Integer, | ||
postgresql_using="role_id::integer", | ||
) | ||
op.create_foreign_key( | ||
op.f("fk_access_actionsroles_role_id_accounts_role"), | ||
"access_actionsroles", | ||
"accounts_role", | ||
["role_id"], | ||
["id"], | ||
ondelete="CASCADE", | ||
) |
50 changes: 50 additions & 0 deletions
50
invenio_access/alembic/f9843093f686_change_fk_accountsrole_to_string_upgrade.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
# | ||
# This file is part of Invenio. | ||
# Copyright (C) 2023 CERN. | ||
# | ||
# Invenio is free software; you can redistribute it and/or modify it | ||
# under the terms of the MIT License; see LICENSE file for more details. | ||
|
||
"""Change FK AccountsRole to string (upgrade recipe). | ||
This recipe only contains the upgrade because as it directly depends on invenio-accounts recipe. That recipe is in | ||
charge of deleting all the constraints on the role_id, including foreign keys using the role_id declared in this module. | ||
Therefore, when in order to downgrade we need to split the recipes to be able to first execute the recipe in | ||
invenio-accounts (f2522cdd5fcd) and after that we can execute the downgrade recipe (842a62b56e60). | ||
""" | ||
|
||
import sqlalchemy as sa | ||
from alembic import op | ||
|
||
# revision identifiers, used by Alembic. | ||
revision = "f9843093f686" | ||
down_revision = ( | ||
"f2522cdd5fcd", | ||
"842a62b56e60", | ||
) # Depends on invenio-accounts revision id (f2522cdd5fcd) | ||
branch_labels = () | ||
depends_on = None | ||
|
||
|
||
def upgrade(): | ||
"""Upgrade database.""" | ||
op.alter_column( | ||
"access_actionsroles", | ||
"role_id", | ||
existing_type=sa.Integer, | ||
type_=sa.String(80), | ||
postgresql_using="role_id::integer", | ||
) | ||
op.create_foreign_key( | ||
op.f("fk_access_actionsroles_role_id_accounts_role"), | ||
"access_actionsroles", | ||
"accounts_role", | ||
["role_id"], | ||
["id"], | ||
ondelete="CASCADE", | ||
) | ||
|
||
|
||
def downgrade(): | ||
"""Downgrade database.""" | ||
pass |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,7 @@ | ||
# -*- coding: utf-8 -*- | ||
# | ||
# This file is part of Invenio. | ||
# Copyright (C) 2017-2018 CERN. | ||
# Copyright (C) 2017-2023 CERN. | ||
# | ||
# Invenio is free software; you can redistribute it and/or modify it | ||
# under the terms of the MIT License; see LICENSE file for more details. | ||
|
@@ -26,40 +26,37 @@ | |
def test_load_permissions_on_request_loaded(app): | ||
"""Checks that the needs are loaded during request in the user Identity.""" | ||
InvenioAccess(app) | ||
with app.test_request_context(): | ||
with app.test_client() as client: | ||
client.get("/") | ||
assert g.identity.provides == {any_user} | ||
with app.test_client() as client: | ||
client.get("/") | ||
assert g.identity.provides == {any_user} | ||
|
||
|
||
def test_load_permissions_on_identity_loaded(app): | ||
"""Check that the needs are loaded properly in the user Identity.""" | ||
InvenioAccess(app) | ||
|
||
with app.test_request_context(): | ||
identity_changed.send( | ||
current_app._get_current_object(), identity=AnonymousIdentity() | ||
) | ||
assert g.identity.provides == {any_user} | ||
identity_changed.send( | ||
current_app._get_current_object(), identity=AnonymousIdentity() | ||
) | ||
assert g.identity.provides == {any_user} | ||
|
||
with app.test_request_context(): | ||
user = testutils.create_test_user("[email protected]") | ||
login_user(user) | ||
assert g.identity.provides == {any_user, authenticated_user, UserNeed(user.id)} | ||
logout_user() | ||
# FIXME: The user is still authenticatd when the identity loader | ||
# is called during logout. We could filter on AnonymousIdentity, but | ||
# This would be inconsistent as the UserNeed(user.id) is still there. | ||
# This will pass even if it is unexpected: | ||
# assert g.identity.provides == { | ||
# any_user, authenticated_user, UserNeed(user.id) | ||
# } | ||
# Forcing the identity to reload again cleans the mess. In practice | ||
# this won't be needed as the identity is reloaded between requests. | ||
identity_changed.send( | ||
current_app._get_current_object(), identity=AnonymousIdentity() | ||
) | ||
assert g.identity.provides == {any_user} | ||
user = testutils.create_test_user("[email protected]") | ||
login_user(user) | ||
assert g.identity.provides == {any_user, authenticated_user, UserNeed(user.id)} | ||
logout_user() | ||
# FIXME: The user is still authenticatd when the identity loader | ||
# is called during logout. We could filter on AnonymousIdentity, but | ||
# This would be inconsistent as the UserNeed(user.id) is still there. | ||
# This will pass even if it is unexpected: | ||
# assert g.identity.provides == { | ||
# any_user, authenticated_user, UserNeed(user.id) | ||
# } | ||
# Forcing the identity to reload again cleans the mess. In practice | ||
# this won't be needed as the identity is reloaded between requests. | ||
identity_changed.send( | ||
current_app._get_current_object(), identity=AnonymousIdentity() | ||
) | ||
assert g.identity.provides == {any_user} | ||
|
||
|
||
def test_disabled_loader(app): | ||
|
@@ -69,8 +66,7 @@ def test_disabled_loader(app): | |
|
||
assert load_permissions_on_identity_loaded not in identity_loaded.receivers.values() | ||
|
||
with app.test_request_context(): | ||
identity_changed.send( | ||
current_app._get_current_object(), identity=AnonymousIdentity() | ||
) | ||
assert g.identity.provides == set() | ||
identity_changed.send( | ||
current_app._get_current_object(), identity=AnonymousIdentity() | ||
) | ||
assert g.identity.provides == set() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.