def __remove_org_membership(org, user_id):
is_user_an_owner: bool = False
org_has_other_owners: bool = False
user_membership: MembershipModel = None
for member in MembershipModel.find_members_by_org_id(org.id):
if member.user_id == user_id:
user_membership = member
if member.membership_type_code == ADMIN:
is_user_an_owner = True
elif member.membership_type_code == ADMIN:
org_has_other_owners = True
current_app.logger.info(
f'Org :{org.name} --> User Owner : {is_user_an_owner},Has other owners :{org_has_other_owners}'
)
if is_user_an_owner and not org_has_other_owners:
current_app.logger.info('Affiliated entities : {}'.format(
len(org.affiliated_entities)))
if len(org.affiliated_entities) == 0:
org.status_code = OrgStatus.INACTIVE.value
org.flush()
else:
# Roll back the transaction as there could be situation where a change in one org
# membership is flushed, but the next one fails. In this case roll back whole transaction
org.rollback()
raise BusinessException(Error.DELETE_FAILED_ONLY_OWNER, None)
else:
user_membership.status = Status.INACTIVE.value
user_membership.flush()
def test_create_user_and_add_membership_admin_bulk_mode_multiple(
session, auth_mock, keycloak_mock): # pylint:disable=unused-argument
"""Assert that an admin can add a group of members."""
org = factory_org_model(org_info=TestOrgInfo.org_anonymous)
user = factory_user_model()
factory_membership_model(user.id, org.id)
claims = TestJwtClaims.get_test_real_user(user.keycloak_guid)
membership = [
TestAnonymousMembership.generate_random_user(MEMBER),
TestAnonymousMembership.generate_random_user(ADMIN)
]
users = UserService.create_user_and_add_membership(membership,
org.id,
token_info=claims)
assert len(users['users']) == 2
assert users['users'][0]['username'] == membership[0]['username']
assert users['users'][0]['type'] == 'ANONYMOUS'
assert users['users'][1]['username'] == membership[1]['username']
assert users['users'][1]['type'] == 'ANONYMOUS'
members = MembershipModel.find_members_by_org_id(org.id)
# staff didnt create members..so count is count of owner+other 2 members
assert len(members) == 3
def test_create_user_and_add_membership_admin_bulk_mode_multiple(
session, auth_mock, keycloak_mock, monkeypatch): # pylint:disable=unused-argument
"""Assert that an admin can add a group of members."""
org = factory_org_model(org_info=TestOrgInfo.org_anonymous)
user = factory_user_model()
factory_membership_model(user.id, org.id)
factory_product_model(org.id, product_code=ProductCode.DIR_SEARCH.value)
claims = TestJwtClaims.get_test_real_user(user.keycloak_guid)
membership = [
TestAnonymousMembership.generate_random_user(USER),
TestAnonymousMembership.generate_random_user(COORDINATOR)
]
patch_token_info(claims, monkeypatch)
users = UserService.create_user_and_add_membership(membership, org.id)
assert len(users['users']) == 2
assert users['users'][0][
'username'] == IdpHint.BCROS.value + '/' + membership[0]['username']
assert users['users'][0]['type'] == Role.ANONYMOUS_USER.name
assert users['users'][1][
'username'] == IdpHint.BCROS.value + '/' + membership[1]['username']
assert users['users'][1]['type'] == Role.ANONYMOUS_USER.name
members = MembershipModel.find_members_by_org_id(org.id)
# staff didnt create members..so count is count of owner+other 2 members
assert len(members) == 3
def test_create_user_and_add_transaction_membership_1(session, auth_mock,
keycloak_mock): # pylint:disable=unused-argument
"""Assert transactions works fine."""
org = factory_org_model(org_info=TestOrgInfo.org_anonymous)
membership = [TestAnonymousMembership.generate_random_user(ADMIN)]
with patch('auth_api.models.User.flush',
side_effect=Exception('mocked error')):
users = UserService.create_user_and_add_membership(membership,
org.id,
single_mode=True)
user_name = IdpHint.BCROS.value + '/' + membership[0]['username']
assert len(users['users']) == 1
assert users['users'][0]['username'] == membership[0]['username']
assert users['users'][0]['http_status'] == 500
assert users['users'][0]['error'] == 'Adding User Failed'
# make sure no records are created
user = UserModel.find_by_username(user_name)
assert user is None
user = UserModel.find_by_username(membership[0]['username'])
assert user is None
members = MembershipModel.find_members_by_org_id(org.id)
# only one member should be there since its a STAFF created org
assert len(members) == 0
def test_create_user_add_membership_reenable(session, auth_mock, keycloak_mock,
monkeypatch): # pylint:disable=unused-argument
"""Assert that an admin can add a member."""
org = factory_org_model(org_info=TestOrgInfo.org_anonymous)
user = factory_user_model()
factory_membership_model(user.id, org.id)
factory_product_model(org.id, product_code=ProductCode.DIR_SEARCH.value)
claims = TestJwtClaims.get_test_real_user(user.keycloak_guid)
patch_token_info(claims, monkeypatch)
anon_member = TestAnonymousMembership.generate_random_user(USER)
membership = [anon_member]
users = UserService.create_user_and_add_membership(membership, org.id)
user_name = IdpHint.BCROS.value + '/' + membership[0]['username']
assert len(users['users']) == 1
assert users['users'][0]['username'] == user_name
assert users['users'][0]['type'] == Role.ANONYMOUS_USER.name
members = MembershipModel.find_members_by_org_id(org.id)
# staff didnt create members..so count is count of owner+other 1 member
assert len(members) == 2
# assert cant be readded
users = UserService.create_user_and_add_membership(membership, org.id)
assert users['users'][0]['http_status'] == 409
assert users['users'][0]['error'] == 'The username is already taken'
# deactivate everything and try again
anon_user = UserModel.find_by_username(user_name)
anon_user.status = Status.INACTIVE.value
anon_user.save()
membership_model = MembershipModel.find_membership_by_userid(anon_user.id)
membership_model.status = Status.INACTIVE.value
update_user_request = KeycloakUser()
update_user_request.user_name = membership[0]['username']
update_user_request.enabled = False
KeycloakService.update_user(update_user_request)
org2 = factory_org_model(org_info=TestOrgInfo.org_anonymous_2,
org_type_info={'code': 'BASIC'},
org_status_info=None,
payment_type_info=None)
factory_membership_model(user.id, org2.id)
factory_product_model(org2.id, product_code=ProductCode.DIR_SEARCH.value)
users = UserService.create_user_and_add_membership(membership, org2.id)
assert users['users'][0]['http_status'] == 409
assert users['users'][0]['error'] == 'The username is already taken'
# add to same org.Should work
users = UserService.create_user_and_add_membership(membership, org.id)
assert len(users['users']) == 1
assert users['users'][0][
'username'] == IdpHint.BCROS.value + '/' + membership[0]['username']
assert users['users'][0]['type'] == Role.ANONYMOUS_USER.name
def test_create_user_and_add_membership_owner_skip_auth_mode(session, auth_mock,
keycloak_mock): # pylint:disable=unused-argument
"""Assert that an owner can be added as anonymous."""
org = factory_org_model(org_info=TestOrgInfo.org_anonymous)
membership = [TestAnonymousMembership.generate_random_user(ADMIN)]
users = UserService.create_user_and_add_membership(membership, org.id, single_mode=True)
assert len(users['users']) == 1
assert users['users'][0]['username'] == IdpHint.BCROS.value + '/' + membership[0]['username']
assert users['users'][0]['type'] == Role.ANONYMOUS_USER.name
members = MembershipModel.find_members_by_org_id(org.id)
# only one member should be there since its a STAFF created org
assert len(members) == 1
assert members[0].membership_type_code == ADMIN
def delete_org(org_id):
"""Soft-Deletes an Org.
Only admin can perform this.
1 - All businesses gets unaffiliated.
2 - All team members removed.
3 - If there is any credit on the account then cannot be deleted.
Premium:
1 - If there is any active PAD transactions going on, then cannot be deleted.
"""
current_app.logger.debug(f'<Delete Org {org_id}')
# Affiliation uses OrgService, adding as local import
# pylint:disable=import-outside-toplevel, cyclic-import
from auth_api.services.affiliation import Affiliation as AffiliationService
check_auth(one_of_roles=(ADMIN, STAFF), org_id=org_id)
org: OrgModel = OrgModel.find_by_org_id(org_id)
if not org:
raise BusinessException(Error.DATA_NOT_FOUND, None)
if org.status_code not in (OrgStatus.ACTIVE.value,
OrgStatus.PENDING_INVITE_ACCEPT.value):
raise BusinessException(Error.NOT_ACTIVE_ACCOUNT, None)
# Deactivate pay account
Org._delete_pay_account(org_id)
# Find all active affiliations and remove them.
entities = AffiliationService.find_affiliations_by_org_id(org_id)
for entity in entities:
AffiliationService.delete_affiliation(
org_id=org_id,
business_identifier=entity['business_identifier'],
reset_passcode=True)
# Deactivate all members.
members = MembershipModel.find_members_by_org_id(org_id)
for member in members:
member.status = Status.INACTIVE.value
member.flush()
user: UserModel = UserModel.find_by_id(member.user_id)
# Remove user from keycloak group if they are not part of any orgs
if len(MembershipModel.find_orgs_for_user(member.user_id)) == 0:
KeycloakService.remove_from_account_holders_group(
user.keycloak_guid)
# If the admin is BCeID user, mark the affidavit INACTIVE.
if user.login_source == LoginSource.BCEID.value and member.membership_type_code == ADMIN:
affidavit: AffidavitModel = AffidavitModel.find_approved_by_user_id(
user.id)
if affidavit:
affidavit.status_code = AffidavitStatus.INACTIVE.value
affidavit.flush()
# Set the account as INACTIVE
org.status_code = OrgStatus.INACTIVE.value
org.save()
current_app.logger.debug('org Inactivated>')
