Exemple #1
0
def add_product_member(request, uid):
    user = get_object_or_404(Dojo_User, id=uid)
    memberform = Add_Product_Member_UserForm(initial={'user': user.id})
    if request.method == 'POST':
        memberform = Add_Product_Member_UserForm(request.POST,
                                                 initial={'user': user.id})
        if memberform.is_valid():
            if 'products' in memberform.cleaned_data and len(
                    memberform.cleaned_data['products']) > 0:
                for product in memberform.cleaned_data['products']:
                    existing_members = Product_Member.objects.filter(
                        product=product, user=user)
                    if existing_members.count() == 0:
                        product_member = Product_Member()
                        product_member.product = product
                        product_member.user = user
                        product_member.role = memberform.cleaned_data['role']
                        product_member.save()
            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Product members added successfully.',
                                 extra_tags='alert-success')
            return HttpResponseRedirect(reverse('view_user', args=(uid, )))
    add_breadcrumb(title="Add Product Member",
                   top_level=False,
                   request=request)
    return render(request, 'dojo/new_product_member_user.html', {
        'user': user,
        'form': memberform,
    })
    def test_user_has_permission_product_member_success(self, mock_get):
        other_user = User()
        product_member_other_user = Product_Member()
        product_member_other_user.user = other_user
        product_member_other_user.product_type = self.product
        product_member_other_user.role = Roles.Owner
        mock_get.return_value = product_member_other_user

        result = user_has_permission(other_user, self.product_member_reader,
                                     Permissions.Product_Remove_Member)

        self.assertTrue(result)
        self.assertEqual(mock_get.call_args[1]['user'], other_user)
        self.assertEqual(mock_get.call_args[1]['product'], self.product)
    def test_user_has_permission_product_member_no_permission(self, mock_get):
        other_user = User()
        other_user.id = 2
        product_member_other_user = Product_Member()
        product_member_other_user.id = 2
        product_member_other_user.user = other_user
        product_member_other_user.product = self.product
        product_member_other_user.role = Roles.Reader
        mock_get.return_value = product_member_other_user

        result = user_has_permission(other_user, self.product_member_owner, Permissions.Product_Member_Delete)

        self.assertFalse(result)
        self.assertEqual(mock_get.call_args[1]['user'], other_user)
        self.assertEqual(mock_get.call_args[1]['product'], self.product)
Exemple #4
0
    def test_user_has_permission_product_member_success(self, mock_foo):
        other_user = User()
        other_user.id = 2
        product_member_other_user = Product_Member()
        product_member_other_user.id = 2
        product_member_other_user.user = other_user
        product_member_other_user.product = self.product
        product_member_other_user.role = Role.objects.get(id=Roles.Owner)
        mock_foo.select_related.return_value = mock_foo
        mock_foo.select_related.return_value = mock_foo
        mock_foo.filter.return_value = [product_member_other_user]

        result = user_has_permission(other_user, self.product_member_reader, Permissions.Product_Member_Delete)

        self.assertTrue(result)
        mock_foo.filter.assert_called_with(user=other_user)
Exemple #5
0
    def handle(self, *args, **options):
        logger.info('Started migrating users for authorization v2 ...')

        authorized_user_exists = False

        # Staff users have had all permissions for all product types and products,
        # so they will be get a global role as Owner.
        # Superusers will have all permissions anyway, so they must not be set as members.
        staff_users = Dojo_User.objects.filter(is_staff=True,
                                               is_superuser=False)
        for staff_user in staff_users:
            global_role = staff_user.global_role if hasattr(
                staff_user, 'global_role') else None
            if global_role is None:
                global_role = Global_Role()
                global_role.user = staff_user
            if global_role.role is None:
                global_role.role = self.owner_role
                global_role.save()
                logger.info('Global_Role Owner added for staff user {}'.format(
                    staff_user))
            else:
                logger.info('Staff user {} already has Global_Role {}'.format(
                    staff_user, global_role.role))

        # Authorized users for product types will be converted to product type members
        # with a role according to the settings
        product_types = Product_Type.objects.all().prefetch_related(
            'authorized_users')
        for product_type in product_types:
            for authorized_user in product_type.authorized_users.all():
                # If the product type member already exists, it won't be changed
                if Product_Type_Member.objects.filter(
                        product_type=product_type,
                        user=authorized_user).count() == 0:
                    authorized_user_exists = True
                    product_type_member = Product_Type_Member()
                    product_type_member.product_type = product_type
                    product_type_member.user = authorized_user
                    product_type_member.role = self.get_role()
                    product_type_member.save()
                    logger.info(
                        'Product_Type_Member added: {} / {} / {}'.format(
                            product_type, authorized_user,
                            product_type_member.role))
                else:
                    logger.info(
                        'Product_Type_Member already exists: {} / {}'.format(
                            product_type, authorized_user))

        # Authorized users for products will be converted to product members
        # with a role according to the settings
        products = Product.objects.all().prefetch_related('authorized_users')
        for product in products:
            for authorized_user in product.authorized_users.all():
                # If the product member already exists, it won't be changed
                if Product_Member.objects.filter(
                        product=product, user=authorized_user).count() == 0:
                    authorized_user_exists = True
                    product_member = Product_Member()
                    product_member.product = product
                    product_member.user = authorized_user
                    product_member.role = self.get_role()
                    product_member.save()
                    logger.info('Product_Member added: {} / {} / {}'.format(
                        product, authorized_user, product_member.role))
                else:
                    logger.info(
                        'Product_Member already exists: {} / {}'.format(
                            product, authorized_user))

        if authorized_user_exists and not settings.AUTHORIZED_USERS_ALLOW_STAFF and \
                (settings.AUTHORIZED_USERS_ALLOW_CHANGE or settings.AUTHORIZED_USERS_ALLOW_DELETE):
            logger.warn(
                'Authorized users have more permissions than before, because there is no equivalent for AUTHORIZED_USERS_ALLOW_CHANGE and AUTHORIZED_USERS_ALLOW_DELETE'
            )

        logger.info('Finished migrating users for authorization v2')