Example #1
0
    def update(self, request, *args, **kwargs):
        """
        used for updating permissions/role of user in matter
        """
        data = request.DATA.copy()

        username = data.get('username')
        role = data.get('role', None)
        permissions = data.get('permissions')

        try:
            participant = User.objects.get(username=username)
        except User.DoesNotExist:
            return Response({'details': 'User does not exist (username=%s)' % username})

        perms = participant.matter_permissions(matter=self.matter)
        if perms.pk is None:
            # user is not a participant of this matter yet
            raise Http404

        if role is not None:
            perms.role = ROLES.get_value_by_name(role)

        perms.update_permissions(**permissions)
        perms.save()

        return Response(LiteUserSerializer(participant, context={'request': self.request,
                                                                 'matter': self.matter}).data,
                        status=http_status.HTTP_202_ACCEPTED)
Example #2
0
 def get_lawyer(self, obj):
     owner_data = LiteUserSerializer(obj.lawyer).data
     owner_data.update({
         'role': ROLES.get_name_by_value(ROLES.owner),
         'permissions': MATTER_OWNER_PERMISSIONS,
     })
     return owner_data
Example #3
0
    def test_post_new_existing_participant(self):
        """
        Test we can add users to the participants only with manage_participants
        """
        self.client.login(username=self.user.username, password=self.password)

        data = {
            'email': self.lawyer_to_add.email,
            'first_name': 'Bob',
            'last_name': 'Crockett',
            'message': 'Bob you are being added here please do something',
            'role': ROLES.get_name_by_value(ROLES.colleague)
        }

        self.set_user_matter_perms(user=self.user, manage_participants=False)
        resp = self.client.post(self.endpoint, json.dumps(data), content_type='application/json')
        self.assertEqual(resp.status_code, 403)  # forbidden

        self.set_user_matter_perms(user=self.user, manage_clients=True)
        resp = self.client.post(self.endpoint, json.dumps(data), content_type='application/json')
        self.assertEqual(resp.status_code, 403)  # forbidden

        self.set_user_matter_perms(user=self.user, manage_participants=True)
        resp = self.client.post(self.endpoint, json.dumps(data), content_type='application/json')
        self.assertEqual(resp.status_code, 202)  # accepted
Example #4
0
    def can_edit(self, user):
        role = self.request.DATA.get('role')
        if not role:
            return False

        # manage_participants overrides manage_clients
        if user.matter_permissions(matter=self.matter).has_permission(manage_participants=True) is True:
            return True
        elif ROLES.get_value_by_name(role.lower()) == ROLES.client:
            return user.matter_permissions(matter=self.matter).has_permission(manage_clients=True) is True
Example #5
0
    def test_patch_participant(self):
        self.client.login(username=self.user.username, password=self.password)

        # create user to be modified after:
        data = {
            'username': self.lawyer.username,
            'permissions': {'manage_items': True, 'manage_participants': False},
            'role': ROLES.get_name_by_value(ROLES.colleague)
        }

        self.set_user_matter_perms(user=self.user, manage_participants=False)
        resp = self.client.patch(self.endpoint, json.dumps(data), content_type='application/json')
        self.assertEqual(resp.status_code, 403)  # forbidden

        self.set_user_matter_perms(user=self.user, manage_clients=True)
        resp = self.client.patch(self.endpoint, json.dumps(data), content_type='application/json')
        self.assertEqual(resp.status_code, 403)  # forbidden

        self.set_user_matter_perms(user=self.user, manage_participants=True)
        resp = self.client.patch(self.endpoint, json.dumps(data), content_type='application/json')
        self.assertEqual(resp.status_code, 202)  # accepted
Example #6
0
    def test_delete(self):
        """
        Test we can remove users to the participants
        """
        self.client.login(username=self.user.username, password=self.password)

        #
        # Create new non-existing user
        #
        data = {
            'email': '*****@*****.**',
            'first_name': 'Delete',
            'last_name': 'User',
            'message': 'You are about to be deleted',
            'role': ROLES.get_name_by_value(ROLES.colleague)
        }

        self.set_user_matter_perms(user=self.user, manage_participants=True)
        resp = self.client.post(self.endpoint, data)
        self.assertEqual(resp.status_code, 202)  # Accepted
        #
        # Test the primary user can delete other lawyers/users
        #
        user_to_delete = self.matter.participants.get(username='******')
        user_perms = user_to_delete.matter_permissions(matter=self.matter)

        self.assertEqual(user_perms.role, ROLES.colleague)
        self.assertEqual(user_perms.role_name, 'colleague')


        # append the email to the url for DELETE
        endpoint = '%s/%s' % (self.endpoint, user_to_delete.username)

        self.set_user_matter_perms(user=self.user, manage_participants=False)
        resp = self.client.delete(endpoint, None)
        self.assertEqual(resp.status_code, 403)  # forbidden

        self.set_user_matter_perms(user=self.user, manage_participants=True)
        resp = self.client.delete(endpoint, None)
        self.assertEqual(resp.status_code, 202)  # accepted
Example #7
0
    def test_removed_matter_participant(self):
        self.client.login(username=self.lawyer.username, password=self.password)
        endpoint_url = reverse('matter_participant', kwargs={'matter_slug': self.matter.slug})
        """
        when you remove a user, obviously they dont get a notification; so we need to create another user
        and make them part of the matter
        """
        matter_participant = mommy.make('auth.User', first_name='Matter', last_name='Participant',
                                        username='******', email='*****@*****.**')
        matter_participant.set_password(self.password)
        matter_participant.save()
        matter_participant_profile = matter_participant.profile
        matter_participant_profile.validated_email = True
        matter_participant_profile.save(update_fields=['data'])

        # add the user
        data = {
            'email': matter_participant.email,
            'first_name': matter_participant.first_name,
            'last_name': matter_participant.last_name,
            'role': ROLES.get_name_by_value(ROLES.thirdparty),
            'message': 'Bob you are being added here please do something',
        }

        resp = self.client.post(endpoint_url,
                                json.dumps(data),
                                content_type='application/json')
        self.assertEqual(resp.status_code, 202)  # accepted

        # remove it again:
        # append the email to the url for DELETE
        endpoint = '%s/%s' % (endpoint_url, matter_participant.email)
        resp = self.client.delete(endpoint, None)
        self.assertEqual(resp.status_code, 202)  # accepted

        inbox = self.get_inbox(user=self.user)

        self.assertEqual(inbox.count(), 2)  # should get the notification about adding matter_participant to matter
        # for i in inbox:
        #     print i.__unicode__()
        self.assertTrue(all(i.__unicode__() in [u'[Customër Tëst] Lawyër Tëst added Matter Participant as a new member to Lawpal (test)',
                                                u'[Customër Tëst] Lawyër Tëst removed Matter Participant as a participant of Lawpal (test)'] for i in inbox))

        inbox = self.get_inbox(user=matter_participant)

        self.assertEqual(inbox.count(), 1)  # should get the notification about adding matter_participant to matter
        notice = inbox.first()

        test_html = self.get_html(for_user=matter_participant)

        message = notice.message.data
        actor = message.get('actor')
        target = message.get('target')
        client = target.get('client')
        verb_slug = message.get('verb_slug')

        action_object_name = message.get('action_object', {}).get('name')
        action_object_url = message.get('action_object', {}).get('regular_url')
        #/matters/test-matter-1/#/checklist/d777c6c9fbfb4e53baf3efa896111972/revision/v1/review/bcfbea3b32a0476bb141a677746349a0

        self.assert_html_present(test_html=test_html,
                                 verb_slug=verb_slug,
                                 notice_pk=notice.pk,
                                 actor_name=actor.get('name') if actor else None,
                                 actor_initials=actor.get('initials') if actor else None,
                                 message=notice.message,
                                 date=notice.message.date,
                                 base_url=target.get('base_url') if target else None,
                                 target_name=target.get('name') if target else None,
                                 client_name=client.get('name') if client else None,
                                 action_object_name=action_object_name,
                                 action_object_url=action_object_url)
Example #8
0
 def transform_role(self, role):
     """
     Transform the role taking into account the fake co-owner->owner relationship
     """
     return ROLES.get_value_by_name('owner') if role == 'co-owner' else ROLES.get_value_by_name(role)