def validate_managed_users_are_not_managers_or_bosses(managed_users):
managed_user_ids = [item["user"]["id"] for item in managed_users]
managed_users = CUser.objects.filter(id__in=managed_user_ids).all()
for user in managed_users:
if user.is_superuser or is_manager(user):
raise serializers.ValidationError(
"A manager can't manage other managers or bosses")
def test_given_a_boss_can_convert_a_manager_to_end_hitman_removing_all_his_managed_hitmen(
self,
):
update_url = reverse("users-detail", args=[str(self.manager.id)])
self.client.force_authenticate(self.boss)
payload = {"is_active": True, "managed_users": []}
response = self.client.put(update_url, payload)
self.assertEquals(response.status_code, status.HTTP_200_OK)
self.hitman2.refresh_from_db()
self.assertTrue(not is_manager(self.manager))
self.assertTrue(is_hitman(self.manager))
def test_given_a_boss_then_can_promote_a_hitman_to_manager_adding_managed_users_to_end_hitman(
self,
):
update_url = reverse("users-detail", args=[str(self.hitman.id)])
self.client.force_authenticate(self.boss)
payload = {
"is_active": True,
"managed_users": [{"id": self.hitman2.id}],
}
response = self.client.put(update_url, payload)
self.assertEquals(response.status_code, status.HTTP_200_OK)
self.hitman2.refresh_from_db()
self.assertTrue(is_manager(self.hitman))
self.assertTrue(not is_hitman(self.hitman))
def get_queryset(self): # Filters the available hits by user role
user = self.request.user
if user.is_superuser:
return self.queryset.all()
if is_manager(user):
return self.queryset.filter(
Q(assigned_to=user)
| Q(assigned_to__in=[
lackey.user for lackey in ManagerUser.objects.filter(
manager=user).all()
])).all()
return self.queryset.filter(assigned_to=user).all()
def can_create_hit_for_assigned_user(self, request):
if not "assigned_to" in request.data:
return False
if request.data["assigned_to"] == request.user.email:
return False
if request.user.is_superuser:
return True
if (is_manager(request.user) and ManagerUser.objects.filter(
user=CUser.objects.get(email=request.data["assigned_to"]),
manager=request.user,
).first()): # Check that assigned user is a lackey of logged user
return True
return False
def has_permission(self, request, view):
user = request.user
if "assigned_to" not in request.data:
return True
if request.data["assigned_to"] == user.email:
return False
if user.is_superuser:
return True
if (is_manager(request.user) and ManagerUser.objects.filter(
user=CUser.objects.get(email=request.data["assigned_to"]),
manager=request.user,
).first()): # Check that assigned user is a lackey of logged user
return True
return False
def has_permission(self, request, view):
self.can_create_hit_for_assigned_user(request)
user = request.user
return (is_manager(user) or user.is_superuser
) and self.can_create_hit_for_assigned_user(request)
def has_permission(self, request, view):
user = request.user
return is_manager(user) or user.is_superuser
def get_queryset(self):
if is_manager(self.request.user):
return self.queryset.filter(user__manager_id=self.request.user.id).all()
return super(UserViewSet, self).get_queryset()