remove a loop in checking if a user is an admin

HumanBrainProject · Oct 7, 2024 · 66b65bb · 66b65bb
1 parent b902a0b
commit 66b65bb
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 6 deletions.
diff --git a/validation_service_api/validation_service/auth.py b/validation_service_api/validation_service/auth.py
@@ -153,16 +153,13 @@ async def _have_collab_access(self, collab_id, permission_type):
             permissions = await self.get_collab_permissions(collab_id)
         else:
             permissions = {}
-        if permissions.get(permission_type, False):
-            return True
-        else:
-            return self.is_admin()
+        return permissions.get(permission_type, False)
 
     async def can_view_collab(self, collab_id):
-        return self._have_collab_access(collab_id, "VIEW")
+        return await self._have_collab_access(collab_id, "VIEW")
 
     async def can_edit_collab(self, collab_id):
-        return self._have_collab_access(collab_id, "UPDATE")
+        return await self._have_collab_access(collab_id, "UPDATE")
 
     async def is_admin(self):
         return await self.can_edit_collab(settings.ADMIN_COLLAB_ID)

diff --git a/validation_service_api/validation_service/tests/test_user.py b/validation_service_api/validation_service/tests/test_user.py
@@ -0,0 +1,55 @@
+"""
+Tests of the User class
+
+Note: These will fail if the test user's permissions are too elevated.
+"""
+
+import os
+
+from fastapi.security import HTTPAuthorizationCredentials
+import pytest
+
+from ..auth import User
+
+
+token = HTTPAuthorizationCredentials(
+    credentials=os.environ["VF_TEST_TOKEN"], scheme="Bearer"
+)
+
+
+@pytest.mark.asyncio
+async def test_user__is_admin():
+    user = User(token, allow_anonymous=False)
+    is_admin = await user.is_admin()
+    assert not is_admin
+
+
+@pytest.mark.asyncio
+async def test_user_info():
+    user = User(token, allow_anonymous=False)
+    user_info = await user.get_user_info()
+    assert "collab-model-validation-administrator" not in user_info["roles"]["team"]
+
+
+@pytest.mark.asyncio
+async def test_get_collab_permissions():
+    user = User(token, allow_anonymous=False)
+    permissions = await user.get_collab_permissions("model-validation")
+    assert permissions == {
+        "UPDATE": False,
+        "VIEW": True,
+    }
+
+
+@pytest.mark.asyncio
+async def test_can_view_collab():
+    user = User(token, allow_anonymous=False)
+    can_view = await user.can_view_collab("model-validation")
+    assert can_view
+
+
+@pytest.mark.asyncio
+async def test_can_edit_collab():
+    user = User(token, allow_anonymous=False)
+    can_edit = await user.can_edit_collab("model-validation")
+    assert not can_edit