feat: implement role-based access control for miniapp
- Introduced a new roles table in the database to manage user roles ('user' and 'admin') for access control.
- Updated the user model to include a foreign key reference to the roles table, allowing for role assignment.
- Enhanced command handlers to support the `/set_role` command for admins to assign roles to users.
- Refactored access control logic to utilize role checks instead of username/phone allowlists, improving security and maintainability.
- Updated documentation to reflect changes in access control mechanisms and role management.
- Added unit tests to ensure correct functionality of role assignment and access checks.
@@ -175,24 +175,26 @@ async def test_calendar_link_with_user_and_token_replies_with_url():
|
||||
mock_user.id = 10
|
||||
mock_user.phone = None
|
||||
mock_get_user.return_value = mock_user
|
||||
with patch("duty_teller.handlers.commands.config") as mock_cfg:
|
||||
mock_cfg.can_access_miniapp.return_value = True
|
||||
mock_cfg.can_access_miniapp_by_phone.return_value = False
|
||||
mock_cfg.MINI_APP_BASE_URL = "https://example.com"
|
||||
with patch(
|
||||
"duty_teller.handlers.commands.create_calendar_token",
|
||||
return_value="abc43token",
|
||||
):
|
||||
with patch(
|
||||
"duty_teller.handlers.commands.can_access_miniapp_for_telegram_user",
|
||||
return_value=True,
|
||||
):
|
||||
with patch("duty_teller.handlers.commands.config") as mock_cfg:
|
||||
mock_cfg.MINI_APP_BASE_URL = "https://example.com"
|
||||
with patch(
|
||||
"duty_teller.handlers.commands.get_lang", return_value="en"
|
||||
"duty_teller.handlers.commands.create_calendar_token",
|
||||
return_value="abc43token",
|
||||
):
|
||||
with patch("duty_teller.handlers.commands.t") as mock_t:
|
||||
mock_t.side_effect = lambda lang, key, **kw: (
|
||||
f"URL: {kw.get('url', '')}"
|
||||
if "success" in key
|
||||
else "Hint"
|
||||
)
|
||||
await calendar_link(update, MagicMock())
|
||||
with patch(
|
||||
"duty_teller.handlers.commands.get_lang", return_value="en"
|
||||
):
|
||||
with patch("duty_teller.handlers.commands.t") as mock_t:
|
||||
mock_t.side_effect = lambda lang, key, **kw: (
|
||||
f"URL: {kw.get('url', '')}"
|
||||
if "success" in key
|
||||
else "Hint"
|
||||
)
|
||||
await calendar_link(update, MagicMock())
|
||||
message.reply_text.assert_called_once()
|
||||
call_args = message.reply_text.call_args[0][0]
|
||||
assert "abc43token" in call_args or "example.com" in call_args
|
||||
@@ -216,9 +218,10 @@ async def test_calendar_link_denied_replies_access_denied():
|
||||
mock_user.id = 10
|
||||
mock_user.phone = None
|
||||
mock_get_user.return_value = mock_user
|
||||
with patch("duty_teller.handlers.commands.config") as mock_cfg:
|
||||
mock_cfg.can_access_miniapp.return_value = False
|
||||
mock_cfg.can_access_miniapp_by_phone.return_value = False
|
||||
with patch(
|
||||
"duty_teller.handlers.commands.can_access_miniapp_for_telegram_user",
|
||||
return_value=False,
|
||||
):
|
||||
with patch("duty_teller.handlers.commands.get_lang", return_value="en"):
|
||||
with patch("duty_teller.handlers.commands.t") as mock_t:
|
||||
mock_t.return_value = "Access denied"
|
||||
|
||||