def add_product_member(request, uid):
user = get_object_or_404(Dojo_User, id=uid)
memberform = Add_Product_Member_UserForm(initial={'user': user.id})
if request.method == 'POST':
memberform = Add_Product_Member_UserForm(request.POST,
initial={'user': user.id})
if memberform.is_valid():
if 'products' in memberform.cleaned_data and len(
memberform.cleaned_data['products']) > 0:
for product in memberform.cleaned_data['products']:
existing_members = Product_Member.objects.filter(
product=product, user=user)
if existing_members.count() == 0:
product_member = Product_Member()
product_member.product = product
product_member.user = user
product_member.role = memberform.cleaned_data['role']
product_member.save()
messages.add_message(request,
messages.SUCCESS,
'Product members added successfully.',
extra_tags='alert-success')
return HttpResponseRedirect(reverse('view_user', args=(uid, )))
add_breadcrumb(title="Add Product Member",
top_level=False,
request=request)
return render(request, 'dojo/new_product_member_user.html', {
'user': user,
'form': memberform,
})
def test_user_has_permission_product_member_success(self, mock_get):
other_user = User()
product_member_other_user = Product_Member()
product_member_other_user.user = other_user
product_member_other_user.product_type = self.product
product_member_other_user.role = Roles.Owner
mock_get.return_value = product_member_other_user
result = user_has_permission(other_user, self.product_member_reader,
Permissions.Product_Remove_Member)
self.assertTrue(result)
self.assertEqual(mock_get.call_args[1]['user'], other_user)
self.assertEqual(mock_get.call_args[1]['product'], self.product)
def test_user_has_permission_product_member_no_permission(self, mock_get):
other_user = User()
other_user.id = 2
product_member_other_user = Product_Member()
product_member_other_user.id = 2
product_member_other_user.user = other_user
product_member_other_user.product = self.product
product_member_other_user.role = Roles.Reader
mock_get.return_value = product_member_other_user
result = user_has_permission(other_user, self.product_member_owner, Permissions.Product_Member_Delete)
self.assertFalse(result)
self.assertEqual(mock_get.call_args[1]['user'], other_user)
self.assertEqual(mock_get.call_args[1]['product'], self.product)
def test_user_has_permission_product_member_success(self, mock_foo):
other_user = User()
other_user.id = 2
product_member_other_user = Product_Member()
product_member_other_user.id = 2
product_member_other_user.user = other_user
product_member_other_user.product = self.product
product_member_other_user.role = Role.objects.get(id=Roles.Owner)
mock_foo.select_related.return_value = mock_foo
mock_foo.select_related.return_value = mock_foo
mock_foo.filter.return_value = [product_member_other_user]
result = user_has_permission(other_user, self.product_member_reader, Permissions.Product_Member_Delete)
self.assertTrue(result)
mock_foo.filter.assert_called_with(user=other_user)
def handle(self, *args, **options):
logger.info('Started migrating users for authorization v2 ...')
authorized_user_exists = False
# Staff users have had all permissions for all product types and products,
# so they will be get a global role as Owner.
# Superusers will have all permissions anyway, so they must not be set as members.
staff_users = Dojo_User.objects.filter(is_staff=True,
is_superuser=False)
for staff_user in staff_users:
global_role = staff_user.global_role if hasattr(
staff_user, 'global_role') else None
if global_role is None:
global_role = Global_Role()
global_role.user = staff_user
if global_role.role is None:
global_role.role = self.owner_role
global_role.save()
logger.info('Global_Role Owner added for staff user {}'.format(
staff_user))
else:
logger.info('Staff user {} already has Global_Role {}'.format(
staff_user, global_role.role))
# Authorized users for product types will be converted to product type members
# with a role according to the settings
product_types = Product_Type.objects.all().prefetch_related(
'authorized_users')
for product_type in product_types:
for authorized_user in product_type.authorized_users.all():
# If the product type member already exists, it won't be changed
if Product_Type_Member.objects.filter(
product_type=product_type,
user=authorized_user).count() == 0:
authorized_user_exists = True
product_type_member = Product_Type_Member()
product_type_member.product_type = product_type
product_type_member.user = authorized_user
product_type_member.role = self.get_role()
product_type_member.save()
logger.info(
'Product_Type_Member added: {} / {} / {}'.format(
product_type, authorized_user,
product_type_member.role))
else:
logger.info(
'Product_Type_Member already exists: {} / {}'.format(
product_type, authorized_user))
# Authorized users for products will be converted to product members
# with a role according to the settings
products = Product.objects.all().prefetch_related('authorized_users')
for product in products:
for authorized_user in product.authorized_users.all():
# If the product member already exists, it won't be changed
if Product_Member.objects.filter(
product=product, user=authorized_user).count() == 0:
authorized_user_exists = True
product_member = Product_Member()
product_member.product = product
product_member.user = authorized_user
product_member.role = self.get_role()
product_member.save()
logger.info('Product_Member added: {} / {} / {}'.format(
product, authorized_user, product_member.role))
else:
logger.info(
'Product_Member already exists: {} / {}'.format(
product, authorized_user))
if authorized_user_exists and not settings.AUTHORIZED_USERS_ALLOW_STAFF and \
(settings.AUTHORIZED_USERS_ALLOW_CHANGE or settings.AUTHORIZED_USERS_ALLOW_DELETE):
logger.warn(
'Authorized users have more permissions than before, because there is no equivalent for AUTHORIZED_USERS_ALLOW_CHANGE and AUTHORIZED_USERS_ALLOW_DELETE'
)
logger.info('Finished migrating users for authorization v2')