🐛Personalized-resource-limits: return default value when no product is defined (#4449)

sanderegg · web-flow · commit 5aa73d30a99e · 2023-07-03T13:53:42.000Z
diff --git a/services/web/server/src/simcore_service_webserver/users/_db.py b/services/web/server/src/simcore_service_webserver/users/_db.py
@@ -1,13 +1,15 @@
+import contextlib
+
 import sqlalchemy as sa
 from aiohttp import web
 from aiopg.sa.connection import SAConnection
 from aiopg.sa.result import ResultProxy
 from models_library.users import GroupID, UserID
 from simcore_postgres_database.models.users import UserStatus, users
 from simcore_postgres_database.utils_groups_extra_properties import (
+    GroupExtraPropertiesNotFound,
     GroupExtraPropertiesRepo,
 )
-from sqlalchemy.sql import func
 
 from ..db.models import user_to_groups
 from ..db.plugin import get_database_engine
@@ -21,13 +23,12 @@ async def do_update_expired_users(conn: SAConnection) -> list[UserID]:
         .where(
             (users.c.expires_at.is_not(None))
             & (users.c.status == UserStatus.ACTIVE)
-            & (users.c.expires_at < func.now())
+            & (users.c.expires_at < sa.sql.func.now())
         )
         .returning(users.c.id)
     )
     if rows := await result.fetchall():
-        expired = [r.id for r in rows]
-        return expired
+        return [r.id for r in rows]
     return []
 
 
@@ -44,17 +45,19 @@ async def get_users_ids_in_group(conn: SAConnection, gid: GroupID) -> set[UserID
 async def list_user_permissions(
     app: web.Application, *, user_id: UserID, product_name: str
 ) -> list[Permission]:
-    engine = get_database_engine(app)
-
-    async with engine.acquire() as conn:
-        user_group_extra_properties = (
-            await GroupExtraPropertiesRepo.get_aggregated_properties_for_user(
-                conn, user_id=user_id, product_name=product_name
+    override_services_specifications = Permission(
+        name="override_services_specifications",
+        allowed=False,
+    )
+    with contextlib.suppress(GroupExtraPropertiesNotFound):
+        async with get_database_engine(app).acquire() as conn:
+            user_group_extra_properties = (
+                await GroupExtraPropertiesRepo.get_aggregated_properties_for_user(
+                    conn, user_id=user_id, product_name=product_name
+                )
             )
+        override_services_specifications.allowed = (
+            user_group_extra_properties.override_services_specifications
         )
-    return [
-        Permission(
-            name="override_services_specifications",
-            allowed=user_group_extra_properties.override_services_specifications,
-        )
-    ]
+
+    return [override_services_specifications]
diff --git a/services/web/server/tests/unit/with_dbs/03/test_users.py b/services/web/server/tests/unit/with_dbs/03/test_users.py
@@ -14,6 +14,7 @@
 from typing import Any, AsyncIterable, AsyncIterator, Callable
 from unittest.mock import MagicMock, Mock
 
+import aiopg.sa
 import pytest
 import redis.asyncio as aioredis
 from aiohttp import web
@@ -33,6 +34,7 @@
 from redis import Redis
 from servicelib.aiohttp.application import create_safe_application
 from servicelib.rest_constants import RESPONSE_MODEL_POLICY
+from simcore_postgres_database.models.products import products
 from simcore_postgres_database.models.users import UserRole
 from simcore_service_webserver._meta import api_version_prefix as API_VERSION
 from simcore_service_webserver.application_settings import setup_settings
@@ -727,3 +729,60 @@ async def test_list_permissions_with_overriden_extra_properties(
 
     assert override_services_specifications.name == "override_services_specifications"
     assert override_services_specifications.allowed is True
+
+
+@pytest.fixture
+async def with_no_product_name_defined(
+    aiopg_engine: aiopg.sa.engine.Engine,
+) -> AsyncIterator[None]:
+    async with aiopg_engine.acquire() as conn:
+        result = await conn.execute(products.select())
+        assert result
+        list_of_products = await result.fetchall()
+
+        # remove them all
+        result = await conn.execute(products.delete())
+        assert result
+
+    yield
+
+    # revert changes
+    if list_of_products:
+        async with aiopg_engine.acquire() as conn:
+            await conn.execute(
+                products.insert().values(
+                    [dict(product.items()) for product in list_of_products]
+                )
+            )
+
+
+@pytest.mark.parametrize(
+    "user_role,expected_response",
+    [
+        (UserRole.USER, web.HTTPOk),
+    ],
+)
+async def test_list_permissions_with_no_group_defined_returns_default_false_for_services_override(
+    logged_user: UserInfoDict,
+    client: TestClient,
+    expected_response: type[web.HTTPException],
+    with_no_product_name_defined: None,
+):
+    assert client.app
+    url = client.app.router["list_user_permissions"].url_for()
+    assert f"{url}" == "/v0/me/permissions"
+    resp = await client.get(f"{url}")
+    data, error = await assert_status(resp, expected_response)
+    assert data
+    assert not error
+    list_of_permissions = parse_obj_as(list[PermissionGet], data)
+    filtered_permissions = list(
+        filter(
+            lambda x: x.name == "override_services_specifications", list_of_permissions
+        )
+    )
+    assert len(filtered_permissions) == 1
+    override_services_specifications = filtered_permissions[0]
+
+    assert override_services_specifications.name == "override_services_specifications"
+    assert override_services_specifications.allowed is False
