Revoke a user's admin role #54

isabelcosta · 2018-06-21T03:04:33Z

Description

Added DAO function and API at POST /admin/remove, to revoke an admin role from a user
Added tests for DAO function
Updated Swagger API
Fix some points of discussion pending for project weekly meeting
Make sure these logic is respected... as a user:
- I can assign myself as an admin = F
- I can revoke my admin role = F
- I have to be an admin to assign and revoke admin roles of others = T
- I cannot delete my account if I’m the only Admin = T

Fixes #17

Type of Change:

Code

Code/Quality Assurance Only

Bug fix (non-breaking change which fixes an issue)
This change requires a documentation update (software upgrade on readme file)
New feature (non-breaking change which adds functionality pre-approved by mentors)

How Has This Been Tested?

Added 3 tests for the AdminDAO function that revokes admin roles for the following cases:

Revoking a user which is not an admin - should fail
Revoking a user that does not exist - should fail
Revoking a user that is an admin - should succeed

Tested on Swagger UI, the same tests above to test the API response.

Checklist:

My PR follows the style guidelines of this project
I have performed a self-review of my own code or materials
I have commented my code or provided relevant documentation, particularly in hard-to-understand areas
I have made corresponding changes to the documentation
Update Postman API at /docs folder
Update Swagger documentation and the exported file at /docs folder

Code/Quality Assurance Only

My changes generate no new warnings
I have added tests that prove my fix is effective or that my feature works
New and existing unit tests pass locally with my changes

m-murad

Update the responses that you have written before this PR. Do it in the same PR

m-murad · 2018-06-23T09:34:22Z

app/api/dao/admin.py

        new_admin_user = UserModel.find_by_id(new_admin_user_id)

        if new_admin_user:

            if new_admin_user.is_admin:
-                return {"message": "User is already an Admin"}, 201
+                return {"message": "User is already an Admin."}, 200


The response should be a bad requestand code 400

m-murad · 2018-06-23T09:42:47Z

app/api/resources/admin.py

+
+        else:
+            return {
+                       "message": "You don't have admin status. You can't assign other user as admin."


403 Forbidden

This is fixed @m-murad (it does not show here because you commented on the line above)

m-murad · 2018-06-23T09:42:58Z

app/api/resources/admin.py


        else:
            return {
-                       "message": "You don't have admin status. You can't assign another admin"
-                   }, 401
+                       "message": "You don't have admin status. You can't revoke other admin user."


403 Forbidden

Also fixed @m-murad

m-murad · 2018-06-23T09:44:47Z

app/api/dao/admin.py


-        return {"message": "User does not exist"}, 401
+        return {"message": "User does not exist."}, 400


404 - not found

m-murad · 2018-06-23T09:44:59Z

app/api/dao/admin.py

-            return {"message": "User is now an Admin"}, 201
+            return {"message": "User is now an Admin."}, 200
+
+        return {"message": "User does not exist."}, 400


m-murad · 2018-06-23T09:46:17Z

app/api/dao/admin.py


        new_admin_user_id = data['user_id']
+
+        if assigner_user_id is new_admin_user_id:
+            return {"message": "You cannot assign yourself as an Admin."}, 400


403 Forbidden

m-murad · 2018-06-23T09:47:02Z

app/api/dao/admin.py

+        admin_user_id = data['user_id']
+
+        if revoker_user_id is admin_user_id:
+            return {"message": "You cannot revoke your admin status."}, 400


403 Forbidden

m-murad · 2018-06-23T09:48:07Z

app/api/dao/user.py

        if user:
            user.delete_from_db()
            return {"message": "User was deleted successfully"}, 201

-        return {"message": "User does not exist"}, 201
+        return {"message": "User does not exist"}, 400


isabelcosta · 2018-06-23T10:05:16Z

wow thank you @m-murad , those error code reviews are very helpful

isabelcosta · 2018-06-23T21:03:50Z

@m-murad @Dilu9218 fixed the required changes by @m-murad

isabelcosta force-pushed the remove-admin-role branch from 04f5441 to ffcfb5b Compare June 21, 2018 03:06

isabelcosta requested review from Dilu9218 and m-murad June 21, 2018 03:07

isabelcosta force-pushed the remove-admin-role branch from ffcfb5b to 9c25ed4 Compare June 21, 2018 03:12

isabelcosta added the Work In Progress label Jun 21, 2018

isabelcosta force-pushed the remove-admin-role branch 2 times, most recently from c621b0b to c71a2b0 Compare June 22, 2018 14:23

isabelcosta added Review Requested and removed Work In Progress labels Jun 22, 2018

m-murad suggested changes Jun 23, 2018

View reviewed changes

isabelcosta added Work In Progress and removed Review Requested labels Jun 23, 2018

feat: revoke admin status

5c1f067

isabelcosta force-pushed the remove-admin-role branch from c71a2b0 to 5c1f067 Compare June 23, 2018 21:01

isabelcosta added Review Requested and removed Work In Progress labels Jun 23, 2018

Dilu9218 approved these changes Jun 25, 2018

View reviewed changes

m-murad approved these changes Jun 25, 2018

View reviewed changes

m-murad merged commit 0d51cd3 into anitab-org:gsoc18-code Jun 25, 2018

isabelcosta deleted the remove-admin-role branch June 26, 2018 11:45

isabelcosta removed Priority: HIGH labels Jul 5, 2018

isabelcosta added the Program: GSOC Related to work completed during the Google Summer of Code Program. label Aug 9, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Revoke a user's admin role #54

Revoke a user's admin role #54

isabelcosta commented Jun 21, 2018 •

edited

m-murad left a comment

m-murad Jun 23, 2018

m-murad Jun 23, 2018

isabelcosta Jun 23, 2018

m-murad Jun 23, 2018

isabelcosta Jun 23, 2018

m-murad Jun 23, 2018

m-murad Jun 23, 2018

m-murad Jun 23, 2018

m-murad Jun 23, 2018

m-murad Jun 23, 2018

isabelcosta commented Jun 23, 2018

isabelcosta commented Jun 23, 2018


		return {"message": "User does not exist"}, 401
		return {"message": "User does not exist."}, 400

Revoke a user's admin role #54

Revoke a user's admin role #54

Conversation

isabelcosta commented Jun 21, 2018 • edited

Description

Type of Change:

How Has This Been Tested?

Checklist:

m-murad left a comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

isabelcosta commented Jun 23, 2018

isabelcosta commented Jun 23, 2018

isabelcosta commented Jun 21, 2018 •

edited