def test_project_share_readonly(self):
# create project and publish form to project
self._publish_xls_form_to_project()
alice_data = {'username': '******', 'email': '*****@*****.**'}
alice_profile = self._create_user_profile(alice_data)
projectid = self.project.pk
self.assertFalse(ReadOnlyRole.user_has_role(alice_profile.user,
self.project))
data = {'username': '******', 'role': ReadOnlyRole.name}
request = self.factory.put('/', data=data, **self.extra)
view = ProjectViewSet.as_view({
'put': 'share'
})
response = view(request, pk=projectid)
self.assertEqual(response.status_code, 204)
self.assertTrue(ReadOnlyRole.user_has_role(alice_profile.user,
self.project))
self.assertTrue(ReadOnlyRole.user_has_role(alice_profile.user,
self.xform))
perms = role.get_object_users_with_permissions(self.project)
for p in perms:
user = p.get('user')
if user == alice_profile.user:
r = p.get('role')
self.assertEquals(r, ReadOnlyRole.name)
def add_xform_to_project(xform, project, creator):
"""Adds an xform to a project"""
# remove xform from any previous relation to a project
xform.projectxform_set.all().delete()
# make new connection
instance = ProjectXForm.objects.create(xform=xform,
project=project,
created_by=creator)
instance.save()
# check if the project is a public and make the form public
if project.shared != xform.shared:
xform.shared = project.shared
xform.shared_data = project.shared
xform.save()
for perm in get_object_users_with_permissions(project):
user = perm['user']
if user != creator:
ReadOnlyRole.add(user, xform)
else:
OwnerRole.add(user, xform)
return instance
def add_xform_to_project(xform, project, creator):
"""Adds an xform to a project"""
# remove xform from any previous relation to a project
xform.projectxform_set.all().delete()
# make new connection
instance = ProjectXForm.objects.create(
xform=xform, project=project, created_by=creator)
instance.save()
# check if the project is a public and make the form public
if project.shared != xform.shared:
xform.shared = project.shared
xform.shared_data = project.shared
xform.save()
for perm in get_object_users_with_permissions(project):
user = perm['user']
if user != creator:
ReadOnlyRole.add(user, xform)
else:
OwnerRole.add(user, xform)
return instance
def set_project_perms_to_xform(xform, project):
# allows us to still use xform.shared and xform.shared_data as before
# only switch if xform.shared is False
xform_is_shared = xform.shared or xform.shared_data
if not xform_is_shared and project.shared != xform.shared:
xform.shared = project.shared
xform.shared_data = project.shared
xform.save()
owners = project.organization.team_set.filter(
name="{}#{}".format(project.organization.username, OWNER_TEAM_NAME),
organization=project.organization)
if owners:
OwnerRole.add(owners[0], xform)
for perm in get_object_users_with_permissions(project,
with_group_users=True):
user = perm['user']
role_name = perm['role']
role = ROLES.get(role_name)
if user != xform.created_by:
role.add(user, xform)
else:
OwnerRole.add(user, xform)
def test_get_object_users_with_permission(self):
alice = self._create_user('alice', 'alice')
org_user = tools.create_organization("modilabs", alice).user
self._publish_transportation_form()
EditorRole.add(org_user, self.xform)
users_with_perms = get_object_users_with_permissions(self.xform)
self.assertFalse(org_user in [d['user'] for d in users_with_perms])
def test_get_object_users_with_permission(self):
alice = self._create_user('alice', 'alice')
org_user = tools.create_organization("modilabs", alice).user
self._publish_transportation_form()
EditorRole.add(org_user, self.xform)
users_with_perms = get_object_users_with_permissions(self.xform)
self.assertFalse(org_user in [d['user'] for d in users_with_perms])
def set_project_perms_to_xform(xform, project):
"""
Apply project permissions to a form, this usually happens when a new form
is being published or it is being moved to a new project.
"""
# allows us to still use xform.shared and xform.shared_data as before
# only switch if xform.shared is False
xform_is_shared = xform.shared or xform.shared_data
if not xform_is_shared and project.shared != xform.shared:
xform.shared = project.shared
xform.shared_data = project.shared
xform.save()
# clear existing permissions
for perm in get_object_users_with_permissions(xform,
with_group_users=True):
user = perm['user']
role_name = perm['role']
role = ROLES.get(role_name)
if role and (user != xform.user and project.user != user
and project.created_by != user):
role.remove_obj_permissions(user, xform)
owners = project.organization.team_set.filter(
name="{}#{}".format(project.organization.username, OWNER_TEAM_NAME),
organization=project.organization)
if owners:
OwnerRole.add(owners[0], xform)
for perm in get_object_users_with_permissions(project,
with_group_users=True):
user = perm['user']
role_name = perm['role']
role = ROLES.get(role_name)
if user == xform.created_by:
OwnerRole.add(user, xform)
else:
if role:
role.add(user, xform)
def set_project_perms_to_xform(xform, project):
"""
Apply project permissions to a form, this usually happens when a new form
is being published or it is being moved to a new project.
"""
# allows us to still use xform.shared and xform.shared_data as before
# only switch if xform.shared is False
xform_is_shared = xform.shared or xform.shared_data
if not xform_is_shared and project.shared != xform.shared:
xform.shared = project.shared
xform.shared_data = project.shared
xform.save()
# clear existing permissions
for perm in get_object_users_with_permissions(
xform, with_group_users=True):
user = perm['user']
role_name = perm['role']
role = ROLES.get(role_name)
if role and (user != xform.user and project.user != user and
project.created_by != user):
role.remove_obj_permissions(user, xform)
owners = project.organization.team_set.filter(
name="{}#{}".format(project.organization.username, OWNER_TEAM_NAME),
organization=project.organization)
if owners:
OwnerRole.add(owners[0], xform)
for perm in get_object_users_with_permissions(
project, with_group_users=True):
user = perm['user']
role_name = perm['role']
role = ROLES.get(role_name)
if user == xform.created_by:
OwnerRole.add(user, xform)
else:
if role:
role.add(user, xform)
def get_project_permissions(self, obj):
if obj:
users = cache.get('{}{}'.format(PROJ_PERM_CACHE, obj.pk))
if users:
return users
user = get_object_users_with_permissions(obj)
cache.set('{}{}'.format(PROJ_PERM_CACHE, obj.pk), user)
return user
return []
def get_project_permissions(self, obj):
if obj:
users = cache.get("{}{}".format(PROJ_PERM_CACHE, obj.pk))
if users:
return users
user = get_object_users_with_permissions(obj)
cache.set("{}{}".format(PROJ_PERM_CACHE, obj.pk), user)
return user
return []
def get_xform_permissions(self, obj):
if obj:
xform_perms = cache.get('{}{}'.format(XFORM_PERMISSIONS_CACHE,
obj.pk))
if xform_perms:
return xform_perms
xform_perms = get_object_users_with_permissions(obj)
cache.set('{}{}'.format(XFORM_PERMISSIONS_CACHE, obj.pk),
xform_perms)
return xform_perms
return []
def set_project_perms_to_xform(xform, project):
if project.shared != xform.shared:
xform.shared = project.shared
xform.shared_data = project.shared
xform.save()
for perm in get_object_users_with_permissions(project):
user = perm["user"]
if user != xform.created_by:
ReadOnlyRole.add(user, xform)
else:
OwnerRole.add(user, xform)
def get_xform_permissions(self, obj):
if obj:
xform_perms = cache.get(
'{}{}'.format(XFORM_PERMISSIONS_CACHE, obj.pk))
if xform_perms:
return xform_perms
xform_perms = get_object_users_with_permissions(obj)
cache.set(
'{}{}'.format(XFORM_PERMISSIONS_CACHE, obj.pk), xform_perms)
return xform_perms
return []
def validate_remove(self, attrs, source):
""" Check and confirm that the project will be left with at least one
owner. Raises a validation error if only one owner found"""
if attrs.get('role') == OwnerRole.name:
results = get_object_users_with_permissions(attrs.get('project'))
# count all the owners
count = len(
[res for res in results if res.get('role') == OwnerRole.name])
if count <= 1:
raise ValidationError(
_(u"Project requires at least one owner"))
def validate_remove(self, attrs, source):
""" Check and confirm that the project will be left with at least one
owner. Raises a validation error if only one owner found"""
if attrs.get('role') == OwnerRole.name:
results = get_object_users_with_permissions(attrs.get('project'))
# count all the owners
count = len([res for res in results
if res.get('role') == OwnerRole.name])
if count <= 1:
raise ValidationError(
_(u"Project requires at least one owner"))
def test_get_object_users_with_permission(self):
alice = self._create_user('alice', 'alice')
org_user = tools.create_organization("modilabs", alice).user
self._publish_transportation_form()
EditorRole.add(org_user, self.xform)
users_with_perms = get_object_users_with_permissions(self.xform)
self.assertTrue(org_user in [d['user'] for d in users_with_perms])
self.assertIn('first_name', users_with_perms[0].keys())
self.assertIn('last_name', users_with_perms[0].keys())
self.assertIn('user', users_with_perms[0].keys())
self.assertIn('role', users_with_perms[0].keys())
self.assertIn('gravatar', users_with_perms[0].keys())
self.assertIn('metadata', users_with_perms[0].keys())
self.assertIn('is_org', users_with_perms[0].keys())
def set_project_perms_to_xform(xform, project):
# allows us to still use xform.shared and xform.shared_data as before
# only switch if xform.shared is False
xform_is_shared = xform.shared or xform.shared_data
if not xform_is_shared and project.shared != xform.shared:
xform.shared = project.shared
xform.shared_data = project.shared
xform.save()
for perm in get_object_users_with_permissions(project):
user = perm['user']
role_name = perm['role']
role = ROLES.get(role_name)
if user != xform.created_by:
role.add(user, xform)
else:
OwnerRole.add(user, xform)
def test_get_object_users_with_permission(self):
"""
Test get_object_users_with_permissions()
"""
alice = self._create_user('alice', 'alice')
UserProfile.objects.get_or_create(user=alice)
org_user = tools.create_organization("modilabs", alice).user
demo_grp = Group.objects.create(name='demo')
alice.groups.add(demo_grp)
self._publish_transportation_form()
EditorRole.add(org_user, self.xform)
EditorRole.add(demo_grp, self.xform)
users_with_perms = get_object_users_with_permissions(
self.xform, with_group_users=True)
self.assertTrue(org_user in [d['user'] for d in users_with_perms])
self.assertTrue(alice in [d['user'] for d in users_with_perms])
users_with_perms_first_keys = list(users_with_perms[0])
self.assertIn('first_name', users_with_perms_first_keys)
self.assertIn('last_name', users_with_perms_first_keys)
self.assertIn('user', users_with_perms_first_keys)
self.assertIn('role', users_with_perms_first_keys)
self.assertIn('gravatar', users_with_perms_first_keys)
self.assertIn('metadata', users_with_perms_first_keys)
self.assertIn('is_org', users_with_perms_first_keys)
def get_project_permissions(self, obj):
return get_object_users_with_permissions(obj)
def get_project_permissions(self, obj):
return get_object_users_with_permissions(obj)
def get_xform_permissions(self, obj):
return get_object_users_with_permissions(obj, serializable=True)
def get_xform_permissions(self, obj):
return get_object_users_with_permissions(obj, serializable=True)
