#23: Delete outdated permissions on sync_perms (#25)

centralauth/client/management/commands/sync_perms.py

@@ -30,9 +30,10 @@ def handle(self, *args, **options):
 
         self.stdout.write(
             'Operation successful. {0} permissions synced, {1} permissions '
-            'created. Permissions count: {2}.'.format(
+            'created, {2} permissions deleted. Permissions count: {3}.'.format(
                 response_json['synced'],
                 response_json['created'],
+                response_json['deleted'],
                 response_json['count'],
             )
         )

centralauth/provider/views.py

@@ -56,19 +56,26 @@ def post(self, request, *args, **kwargs):
 
         perms_data = data.get('perms', [])
         counter_created = 0
+
+        old_perms = application.applicationpermission_set.all()
         for perm in perms_data:
-            _, created = ApplicationPermission.objects.get_or_create(
+            perm_obj, created = ApplicationPermission.objects.get_or_create(
                 application=application,
                 app_label=perm['app_label'],
                 codename=perm['codename'],
                 repr=perm['repr']
             )
+            old_perms = old_perms.exclude(pk=perm_obj.pk)
             if created:
                 counter_created += 1
 
+        counter_deleted = old_perms.count()
+        old_perms.delete()
+
         return JsonResponse({
             'success': True,
             'synced': len(perms_data),
             'created': counter_created,
+            'deleted': counter_deleted,
             'count': application.applicationpermission_set.count(),
         })

tests/integration/test_perms_sync.py

@@ -0,0 +1,45 @@
+import mock
+import pytest
+
+from centralauth.client.services import register_perms
+from tests.factories import ApplicationFactory
+
+
+@pytest.mark.django_db
+class TestPermissionsSync:
+
+    @mock.patch('centralauth.client.services.requests.post')
+    @mock.patch('centralauth.client.services.Permission.objects.all')
+    def test_perms_sync(self, perm_manager_mock, post_mock, settings, client):
+        app = ApplicationFactory(
+            client_id=settings.CENTRALAUTH_CLIENT_ID,
+            client_secret=settings.CENTRALAUTH_CLIENT_SECRET,
+            redirect_uris='https://testserver/client/login/callback/')
+
+        class MockContentType:
+            app_label = 'TestApp'
+
+        class MockPerm:
+            codename = 'Foo Bar'
+            content_type = MockContentType()
+
+            def __str__(self):
+                return 'TestApp | Foo | Bar'
+
+        mock_perm = MockPerm()
+        perm_manager_mock.return_value = [mock_perm]
+        register_perms()
+
+        data = post_mock.call_args_list[0][1]['data']
+        client.post(
+            '/provider/perms/',
+            data=data,
+            content_type='application/json',
+            secure=True)
+
+        synced_perm = app.applicationpermission_set.first()
+
+        assert app.applicationpermission_set.count() == 1
+        assert synced_perm.app_label == 'TestApp'
+        assert synced_perm.codename == 'Foo Bar'
+        assert synced_perm.repr == 'TestApp | Foo | Bar'

tests/provider/test_views.py

@@ -61,6 +61,7 @@ def test_permissions_synced(self, client):
         assert response_json['success'] is True
         assert response_json['synced'] == 2
         assert response_json['created'] == 2
+        assert response_json['deleted'] == 0
         assert response_json['count'] == ApplicationPermission.objects.count() == 2
 
         # Second permissions sync
@@ -83,4 +84,54 @@ def test_permissions_synced(self, client):
         assert response_json['success'] is True
         assert response_json['synced'] == 3
         assert response_json['created'] == 1
+        assert response_json['deleted'] == 0
         assert response_json['count'] == ApplicationPermission.objects.count() == 3
+
+    def test_permissions_synced_remove_perms(self, client):
+        ApplicationFactory.create(
+            client_id='app1', client_secret='secret1')
+
+        # First permissions sync
+        response = client.post(
+            '/provider/perms/',
+            json.dumps({
+                'client_id': 'app1',
+                'client_secret': 'secret1',
+                'perms': [
+                    {'app_label': 'label1', 'codename': 'codename1', 'repr': 'repr1'},
+                    {'app_label': 'label2', 'codename': 'codename2', 'repr': 'repr2'},
+                    {'app_label': 'label3', 'codename': 'codename3', 'repr': 'repr3'},
+                ],
+            }),
+            content_type='application/json',
+            secure=True
+        )
+
+        assert response.status_code == 200
+        response_json = response.json()
+        assert response_json['success'] is True
+        assert response_json['synced'] == 3
+        assert response_json['created'] == 3
+        assert response_json['deleted'] == 0
+        assert response_json['count'] == ApplicationPermission.objects.count() == 3
+
+        # Second permissions sync - some perms deleted
+        response = client.post(
+            '/provider/perms/',
+            json.dumps({
+                'client_id': 'app1',
+                'client_secret': 'secret1',
+                'perms': [
+                    {'app_label': 'label1', 'codename': 'codename1', 'repr': 'repr1'},
+                ],
+            }),
+            content_type='application/json',
+            secure=True)
+
+        assert response.status_code == 200
+        response_json = response.json()
+        assert response_json['success'] is True
+        assert response_json['synced'] == 1
+        assert response_json['created'] == 0
+        assert response_json['deleted'] == 2
+        assert response_json['count'] == ApplicationPermission.objects.count() == 1