From a38a69afa286eba260caa5d4dae9b2ea923e7aa3 Mon Sep 17 00:00:00 2001 From: Lance Edgar Date: Mon, 5 Aug 2024 14:27:53 -0500 Subject: [PATCH] fix: add `AuthHandler.user_is_admin()` method --- src/wuttjamaican/auth.py | 14 ++++++++++++++ tests/test_auth.py | 17 +++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/src/wuttjamaican/auth.py b/src/wuttjamaican/auth.py index d9300ed..008d352 100644 --- a/src/wuttjamaican/auth.py +++ b/src/wuttjamaican/auth.py @@ -369,6 +369,20 @@ class AuthHandler(GenericHandler): """ return self._special_role(session, 'b765a9cc331a11e6ac2a3ca9f40bc550', "Authenticated") + def user_is_admin(self, user, **kwargs): + """ + Check if given user is a member of the "Administrator" role. + + :rtype: bool + """ + if user: + session = self.app.get_session(user) + admin = self.get_role_administrator(session) + if admin in user.roles: + return True + + return False + def get_permissions(self, session, principal, include_anonymous=True, include_authenticated=True): diff --git a/tests/test_auth.py b/tests/test_auth.py index e8d5e15..cf37417 100644 --- a/tests/test_auth.py +++ b/tests/test_auth.py @@ -253,6 +253,23 @@ else: self.assertEqual(self.session.query(model.Role).count(), 1) self.assertEqual(role.name, "Authenticated") + def test_user_is_admin(self): + model = self.app.model + + # non-user is not admin + self.assertFalse(self.handler.user_is_admin(None)) + + # new user but not yet admin + user = self.handler.make_user(session=self.session) + self.session.commit() + self.assertFalse(self.handler.user_is_admin(user)) + + # but we can make them an admin + admin = self.handler.get_role_administrator(self.session) + user.roles.append(admin) + self.session.commit() + self.assertTrue(self.handler.user_is_admin(user)) + def test_get_permissions(self): model = self.app.model