Merge pull request #20 from edx/iahmad/ENT-1836-Fix-implicit-check-fo…

…r-absent-JWT

ENT-1836 Check for JWT presence in implicit permission

CHANGELOG.rst

@@ -11,6 +11,12 @@ Change Log
 
 .. There should always be an "Unreleased" section for changes pending release.
 
+[0.2.0] - 2019-04-30
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* Check for JWT presence in implicit permission.
+* Refactor role retrieval to remove the dependency on django models for assigning roles.
+
 [0.1.11] - 2019-04-08
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

edx_rbac/utils.py

@@ -79,6 +79,8 @@ def request_user_has_implicit_access_via_jwt(decoded_jwt, role_name, context=Non
             'coupon-manager': ['coupon-management']
         }
     """
+    if not decoded_jwt:
+        return False
     jwt_roles_claim = decoded_jwt.get('roles', [])
 
     feature_roles = {}

tests/test_utils.py

@@ -139,6 +139,16 @@ def test_request_user_has_no_implicit_access_via_jwt(self):
             'superuser-access',
         )
 
+    def test_request_user_has_no_implicit_access_when_jwt_absent(self):
+        """
+        Helper function should return False when JWT is absent
+        """
+        toy_decoded_jwt = None
+        assert not request_user_has_implicit_access_via_jwt(
+            toy_decoded_jwt,
+            'superuser-access',
+        )
+
     def test_request_user_has_implicit_access_via_jwt_with_context(self):
         """
         Helper function should discern what roles user has based on role data