def update(self, request, *args, **kwargs):
"""
used for updating permissions/role of user in matter
"""
data = request.DATA.copy()
username = data.get('username')
role = data.get('role', None)
permissions = data.get('permissions')
try:
participant = User.objects.get(username=username)
except User.DoesNotExist:
return Response({'details': 'User does not exist (username=%s)' % username})
perms = participant.matter_permissions(matter=self.matter)
if perms.pk is None:
# user is not a participant of this matter yet
raise Http404
if role is not None:
perms.role = ROLES.get_value_by_name(role)
perms.update_permissions(**permissions)
perms.save()
return Response(LiteUserSerializer(participant, context={'request': self.request,
'matter': self.matter}).data,
status=http_status.HTTP_202_ACCEPTED)
def get_lawyer(self, obj):
owner_data = LiteUserSerializer(obj.lawyer).data
owner_data.update({
'role': ROLES.get_name_by_value(ROLES.owner),
'permissions': MATTER_OWNER_PERMISSIONS,
})
return owner_data
def test_post_new_existing_participant(self):
"""
Test we can add users to the participants only with manage_participants
"""
self.client.login(username=self.user.username, password=self.password)
data = {
'email': self.lawyer_to_add.email,
'first_name': 'Bob',
'last_name': 'Crockett',
'message': 'Bob you are being added here please do something',
'role': ROLES.get_name_by_value(ROLES.colleague)
}
self.set_user_matter_perms(user=self.user, manage_participants=False)
resp = self.client.post(self.endpoint, json.dumps(data), content_type='application/json')
self.assertEqual(resp.status_code, 403) # forbidden
self.set_user_matter_perms(user=self.user, manage_clients=True)
resp = self.client.post(self.endpoint, json.dumps(data), content_type='application/json')
self.assertEqual(resp.status_code, 403) # forbidden
self.set_user_matter_perms(user=self.user, manage_participants=True)
resp = self.client.post(self.endpoint, json.dumps(data), content_type='application/json')
self.assertEqual(resp.status_code, 202) # accepted
def can_edit(self, user):
role = self.request.DATA.get('role')
if not role:
return False
# manage_participants overrides manage_clients
if user.matter_permissions(matter=self.matter).has_permission(manage_participants=True) is True:
return True
elif ROLES.get_value_by_name(role.lower()) == ROLES.client:
return user.matter_permissions(matter=self.matter).has_permission(manage_clients=True) is True
def test_patch_participant(self):
self.client.login(username=self.user.username, password=self.password)
# create user to be modified after:
data = {
'username': self.lawyer.username,
'permissions': {'manage_items': True, 'manage_participants': False},
'role': ROLES.get_name_by_value(ROLES.colleague)
}
self.set_user_matter_perms(user=self.user, manage_participants=False)
resp = self.client.patch(self.endpoint, json.dumps(data), content_type='application/json')
self.assertEqual(resp.status_code, 403) # forbidden
self.set_user_matter_perms(user=self.user, manage_clients=True)
resp = self.client.patch(self.endpoint, json.dumps(data), content_type='application/json')
self.assertEqual(resp.status_code, 403) # forbidden
self.set_user_matter_perms(user=self.user, manage_participants=True)
resp = self.client.patch(self.endpoint, json.dumps(data), content_type='application/json')
self.assertEqual(resp.status_code, 202) # accepted
def test_delete(self):
"""
Test we can remove users to the participants
"""
self.client.login(username=self.user.username, password=self.password)
#
# Create new non-existing user
#
data = {
'email': '*****@*****.**',
'first_name': 'Delete',
'last_name': 'User',
'message': 'You are about to be deleted',
'role': ROLES.get_name_by_value(ROLES.colleague)
}
self.set_user_matter_perms(user=self.user, manage_participants=True)
resp = self.client.post(self.endpoint, data)
self.assertEqual(resp.status_code, 202) # Accepted
#
# Test the primary user can delete other lawyers/users
#
user_to_delete = self.matter.participants.get(username='******')
user_perms = user_to_delete.matter_permissions(matter=self.matter)
self.assertEqual(user_perms.role, ROLES.colleague)
self.assertEqual(user_perms.role_name, 'colleague')
# append the email to the url for DELETE
endpoint = '%s/%s' % (self.endpoint, user_to_delete.username)
self.set_user_matter_perms(user=self.user, manage_participants=False)
resp = self.client.delete(endpoint, None)
self.assertEqual(resp.status_code, 403) # forbidden
self.set_user_matter_perms(user=self.user, manage_participants=True)
resp = self.client.delete(endpoint, None)
self.assertEqual(resp.status_code, 202) # accepted
def test_removed_matter_participant(self):
self.client.login(username=self.lawyer.username, password=self.password)
endpoint_url = reverse('matter_participant', kwargs={'matter_slug': self.matter.slug})
"""
when you remove a user, obviously they dont get a notification; so we need to create another user
and make them part of the matter
"""
matter_participant = mommy.make('auth.User', first_name='Matter', last_name='Participant',
username='******', email='*****@*****.**')
matter_participant.set_password(self.password)
matter_participant.save()
matter_participant_profile = matter_participant.profile
matter_participant_profile.validated_email = True
matter_participant_profile.save(update_fields=['data'])
# add the user
data = {
'email': matter_participant.email,
'first_name': matter_participant.first_name,
'last_name': matter_participant.last_name,
'role': ROLES.get_name_by_value(ROLES.thirdparty),
'message': 'Bob you are being added here please do something',
}
resp = self.client.post(endpoint_url,
json.dumps(data),
content_type='application/json')
self.assertEqual(resp.status_code, 202) # accepted
# remove it again:
# append the email to the url for DELETE
endpoint = '%s/%s' % (endpoint_url, matter_participant.email)
resp = self.client.delete(endpoint, None)
self.assertEqual(resp.status_code, 202) # accepted
inbox = self.get_inbox(user=self.user)
self.assertEqual(inbox.count(), 2) # should get the notification about adding matter_participant to matter
# for i in inbox:
# print i.__unicode__()
self.assertTrue(all(i.__unicode__() in [u'[Customër Tëst] Lawyër Tëst added Matter Participant as a new member to Lawpal (test)',
u'[Customër Tëst] Lawyër Tëst removed Matter Participant as a participant of Lawpal (test)'] for i in inbox))
inbox = self.get_inbox(user=matter_participant)
self.assertEqual(inbox.count(), 1) # should get the notification about adding matter_participant to matter
notice = inbox.first()
test_html = self.get_html(for_user=matter_participant)
message = notice.message.data
actor = message.get('actor')
target = message.get('target')
client = target.get('client')
verb_slug = message.get('verb_slug')
action_object_name = message.get('action_object', {}).get('name')
action_object_url = message.get('action_object', {}).get('regular_url')
#/matters/test-matter-1/#/checklist/d777c6c9fbfb4e53baf3efa896111972/revision/v1/review/bcfbea3b32a0476bb141a677746349a0
self.assert_html_present(test_html=test_html,
verb_slug=verb_slug,
notice_pk=notice.pk,
actor_name=actor.get('name') if actor else None,
actor_initials=actor.get('initials') if actor else None,
message=notice.message,
date=notice.message.date,
base_url=target.get('base_url') if target else None,
target_name=target.get('name') if target else None,
client_name=client.get('name') if client else None,
action_object_name=action_object_name,
action_object_url=action_object_url)
def transform_role(self, role):
"""
Transform the role taking into account the fake co-owner->owner relationship
"""
return ROLES.get_value_by_name('owner') if role == 'co-owner' else ROLES.get_value_by_name(role)