def factory_membersip_model(session):
    """Build and persist an ADMIN membership that links a new user to a new test org.

    TEST rows for org type, org status and payment type are added and committed
    through *session* before the org ('Test Org') is saved.

    Returns:
        The saved MembershipModel row.
    """
    member = factory_user_model()

    test_org_type = OrgTypeModel(code='TEST', description='Test')
    session.add(test_org_type)
    session.commit()

    # This TEST status row is only seeded; the org below is given the default status instead.
    test_org_status = OrgStatusModel(code='TEST', description='Test')
    session.add(test_org_status)
    session.commit()

    test_payment = PaymentTypeModel(code='TEST', description='Test')
    session.add(test_payment)
    session.commit()

    test_org = OrgModel(name='Test Org')
    test_org.org_type = test_org_type
    test_org.org_status = OrgStatusModel.get_default_status()
    test_org.preferred_payment = test_payment
    test_org.save()

    admin_membership = MembershipModel(
        org_id=test_org.id,
        user_id=member.id,
        membership_type_code=ADMIN,
        status=1,
    )
    admin_membership.save()
    return admin_membership
def _add_org_membership(org_id, user_id, membership_type):
    """Save an ACTIVE membership of *membership_type* for *user_id* in *org_id*."""
    fields = {
        'org_id': org_id,
        'user_id': user_id,
        'membership_type_code': membership_type,
        'membership_type_status': Status.ACTIVE.value,
    }
    MembershipModel(**fields).save()
def test_delete_user_is_member_returns_204(client, jwt, session, keycloak_mock):  # pylint:disable=unused-argument
    """Assert that DELETE /api/v1/users/@me returns 204 when the caller is only a MEMBER of a team."""
    # First user: has a contact and creates the org.
    creator = factory_user_model(user_info=TestUserInfo.user_test)
    creator_contact = factory_contact_model()
    creator_link = ContactLinkModel()
    creator_link.contact = creator_contact
    creator_link.user = creator
    creator_link.commit()

    created_org = OrgService.create_org(TestOrgInfo.org1, user_id=creator.id)
    org_id = created_org.as_dict()['id']

    lear_entity = factory_entity_model(entity_info=TestEntityInfo.entity_lear_mock)
    org_affiliation = AffiliationModel(org_id=org_id, entity_id=lear_entity.id)
    org_affiliation.save()

    # Second user: has a contact and is added to the same org as an active MEMBER.
    member = factory_user_model(user_info=TestUserInfo.user2)
    member_contact = factory_contact_model()
    member_link = ContactLinkModel()
    member_link.contact = member_contact
    member_link.user = member
    member_link.commit()

    member_row = MembershipModel(
        org_id=org_id,
        user_id=member.id,
        membership_type_code='MEMBER',
        membership_type_status=Status.ACTIVE.value,
    )
    member_row.save()

    # The request is authenticated as the second user: the token subject is their Keycloak GUID.
    member_claims = copy.deepcopy(TestJwtClaims.public_user_role.value)
    member_claims['sub'] = str(member.keycloak_guid)
    auth_headers = factory_auth_header(jwt=jwt, claims=member_claims)

    response = client.delete('/api/v1/users/@me', headers=auth_headers, content_type='application/json')
    assert response.status_code == http_status.HTTP_204_NO_CONTENT
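def accept_invitation(invitation_id, user: UserService, origin, add_membership: bool = True,
                      token_info: Dict = None):
    """Add user, role and org from the invitation to membership.

    Args:
        invitation_id: id of the invitation being accepted.
        user: the accepting user; ``user.identifier`` becomes the membership's user id.
        origin: passed through to ``Invitation.notify_admin``.
        add_membership: when false, the invitation is marked accepted without creating memberships.
        token_info: claims of the caller's token as a dict; may be ``None``.

    Returns:
        Invitation: wrapper around the updated invitation model.

    Raises:
        BusinessException: DATA_NOT_FOUND when the invitation does not exist,
            ACTIONED_INVITATION / EXPIRED_INVITATION when it is already accepted or expired,
            INVALID_USER_CREDENTIALS when the token's login source differs from the invitation's,
            DATA_ALREADY_EXISTS when the user already has a membership in the org.
    """
    current_app.logger.debug('>accept_invitation')
    invitation: InvitationModel = InvitationModel.find_invitation_by_id(invitation_id)

    if invitation is None:
        raise BusinessException(Error.DATA_NOT_FOUND, None)
    if invitation.invitation_status_code == 'ACCEPTED':
        raise BusinessException(Error.ACTIONED_INVITATION, None)
    if invitation.invitation_status_code == 'EXPIRED':
        raise BusinessException(Error.EXPIRED_INVITATION, None)

    # token_info is a dict of claims, so the claim must be read with .get(): getattr() on a
    # dict never finds 'loginSource', which made this comparison unreachable and let an
    # invitation be accepted from any login source. A caller without a token (bcros) or
    # without the claim is still not checked.
    login_source = token_info.get('loginSource', None) if token_info else None
    if login_source is not None and invitation.login_source != login_source:
        raise BusinessException(Error.INVALID_USER_CREDENTIALS, None)
    # NOTE(review): nothing in this function ties the invitation to the accepting user;
    # presumably the caller validates the invitation token first - confirm.

    if add_membership:
        for membership in invitation.membership:
            membership_model = MembershipModel()
            membership_model.org_id = membership.org_id
            membership_model.user_id = user.identifier
            membership_model.membership_type = membership.membership_type

            # check to ensure an invitation for this user/org has not already been processed
            existing_membership = MembershipService.get_membership_for_org_and_user(
                org_id=membership_model.org_id, user_id=membership_model.user_id)
            if existing_membership:
                raise BusinessException(Error.DATA_ALREADY_EXISTS, None)

            org_model: OrgModel = OrgModel.find_by_org_id(membership.org_id)

            # GOVM users gets direct approval since they are IDIR users.
            membership_model.status = Invitation._get_status_based_on_org(org_model)
            membership_model.save()

            # A failed admin notification is logged and does not undo the saved membership.
            try:
                Invitation.notify_admin(user, invitation_id, membership_model.id, origin)
            except BusinessException as exception:
                # The placeholder is required: an argument without one makes the logging
                # call fail to format and the message is lost.
                current_app.logger.error('<send_notification_to_admin failed: %s', exception.message)

    invitation.accepted_date = datetime.now()
    invitation.invitation_status = InvitationStatusModel.get_status_by_code('ACCEPTED')
    invitation.save()

    # Call keycloak to add the user to the group.
    if user:
        group_name: str = KeycloakService.join_users_group(token_info)
        KeycloakService.join_account_holders_group(user.keycloak_guid)

        if group_name == GROUP_GOV_ACCOUNT_USERS:
            # TODO Remove this if gov account users needs Terms of Use.
            tos_document = DocumentsModel.fetch_latest_document_by_type(DocumentType.TERMS_OF_USE.value)
            user.update_terms_of_use(token_info, True, tos_document.version_id)
            # Add contact to the user.
            # NOTE(review): reads token_info.get('email'), so this branch assumes a token is present - confirm.
            user.add_contact(token_info, dict(email=token_info.get('email', None)))

    current_app.logger.debug('<accept_invitation')
    return Invitation(invitation)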
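def accept_invitation(invitation_id, user, origin, add_membership: bool = True):
    """Add user, role and org from the invitation to membership.

    Args:
        invitation_id: id of the invitation being accepted.
        user: the accepting user; ``user.identifier`` becomes the membership's user id.
        origin: passed through to ``Invitation.notify_admin``.
        add_membership: when false, the invitation is marked accepted without creating memberships.

    Returns:
        Invitation: wrapper around the updated invitation model.

    Raises:
        BusinessException: DATA_NOT_FOUND when the invitation does not exist,
            ACTIONED_INVITATION / EXPIRED_INVITATION when it is already accepted or expired,
            DATA_ALREADY_EXISTS when the user already has a membership in the org.
    """
    current_app.logger.debug('>accept_invitation')
    invitation: InvitationModel = InvitationModel.find_invitation_by_id(invitation_id)

    if invitation is None:
        raise BusinessException(Error.DATA_NOT_FOUND, None)
    if invitation.invitation_status_code == 'ACCEPTED':
        raise BusinessException(Error.ACTIONED_INVITATION, None)
    if invitation.invitation_status_code == 'EXPIRED':
        raise BusinessException(Error.EXPIRED_INVITATION, None)
    # NOTE(review): nothing in this function ties the invitation to the accepting user;
    # presumably the caller validates the invitation token first - confirm.

    if add_membership:
        for membership in invitation.membership:
            membership_model = MembershipModel()
            membership_model.org_id = membership.org_id
            membership_model.user_id = user.identifier
            membership_model.membership_type = membership.membership_type

            # check to ensure an invitation for this user/org has not already been processed
            existing_membership = MembershipService.get_membership_for_org_and_user(
                org_id=membership_model.org_id, user_id=membership_model.user_id)
            if existing_membership:
                raise BusinessException(Error.DATA_ALREADY_EXISTS, None)

            # The org's settings decide whether the invitee is active at once or waits for an admin.
            is_auto_approval = OrgSettingsModel.is_admin_auto_approved_invitees(membership.org_id)
            if is_auto_approval:
                membership_model.status = Status.ACTIVE.value
            else:
                membership_model.status = Status.PENDING_APPROVAL.value
            membership_model.save()

            # Admins are only notified when their approval is needed; a failed
            # notification is logged and does not undo the saved membership.
            if not is_auto_approval:
                try:
                    Invitation.notify_admin(user, invitation_id, membership_model.id, origin)
                except BusinessException as exception:
                    # The placeholder is required: an argument without one makes the logging
                    # call fail to format and the message is lost.
                    current_app.logger.error('<send_notification_to_admin failed: %s', exception.message)

    invitation.accepted_date = datetime.now()
    invitation.invitation_status = InvitationStatusModel.get_status_by_code('ACCEPTED')
    invitation.save()
    current_app.logger.debug('<accept_invitation')
    return Invitation(invitation)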
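def accept_invitation(invitation_id, user, origin, add_membership: bool = True, token_info: Dict = None):
    """Add user, role and org from the invitation to membership.

    Every membership created here starts as PENDING_APPROVAL and the org admin is notified.

    Args:
        invitation_id: id of the invitation being accepted.
        user: the accepting user; ``user.identifier`` becomes the membership's user id.
        origin: passed through to ``Invitation.notify_admin``.
        add_membership: when false, the invitation is marked accepted without creating memberships.
        token_info: claims of the caller's token as a dict; may be ``None``.

    Returns:
        Invitation: wrapper around the updated invitation model.

    Raises:
        BusinessException: DATA_NOT_FOUND when the invitation does not exist,
            ACTIONED_INVITATION / EXPIRED_INVITATION when it is already accepted or expired,
            INVALID_USER_CREDENTIALS when the token's login source differs from the invitation's,
            DATA_ALREADY_EXISTS when the user already has a membership in the org.
    """
    current_app.logger.debug('>accept_invitation')
    invitation: InvitationModel = InvitationModel.find_invitation_by_id(invitation_id)

    if invitation is None:
        raise BusinessException(Error.DATA_NOT_FOUND, None)
    if invitation.invitation_status_code == 'ACCEPTED':
        raise BusinessException(Error.ACTIONED_INVITATION, None)
    if invitation.invitation_status_code == 'EXPIRED':
        raise BusinessException(Error.EXPIRED_INVITATION, None)

    # token_info is a dict of claims, so the claim must be read with .get(): getattr() on a
    # dict never finds 'loginSource', which made this comparison unreachable and let an
    # invitation be accepted from any login source. A caller without a token (bcros) or
    # without the claim is still not checked.
    login_source = token_info.get('loginSource', None) if token_info else None
    if login_source is not None and invitation.login_source != login_source:
        raise BusinessException(Error.INVALID_USER_CREDENTIALS, None)

    if add_membership:
        for membership in invitation.membership:
            membership_model = MembershipModel()
            membership_model.org_id = membership.org_id
            membership_model.user_id = user.identifier
            membership_model.membership_type = membership.membership_type

            # check to ensure an invitation for this user/org has not already been processed
            existing_membership = MembershipService.get_membership_for_org_and_user(
                org_id=membership_model.org_id, user_id=membership_model.user_id)
            if existing_membership:
                raise BusinessException(Error.DATA_ALREADY_EXISTS, None)

            membership_model.status = Status.PENDING_APPROVAL.value
            membership_model.save()

            # A failed admin notification is logged and does not undo the saved membership.
            try:
                Invitation.notify_admin(user, invitation_id, membership_model.id, origin)
            except BusinessException as exception:
                # The placeholder is required: an argument without one makes the logging
                # call fail to format and the message is lost.
                current_app.logger.error('<send_notification_to_admin failed: %s', exception.message)

    invitation.accepted_date = datetime.now()
    invitation.invitation_status = InvitationStatusModel.get_status_by_code('ACCEPTED')
    invitation.save()
    current_app.logger.debug('<accept_invitation')
    return Invitation(invitation)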
def test_get_count_active_owner_org_id_multiple(session):  # pylint:disable=unused-argument
    """Assert that the active-owner count of an org is 2 once it has two ADMIN memberships."""
    first_membership = factory_membersip_model(session)

    # A second user joins the same org with the same type and status as the factory membership.
    second_user = factory_user_model(TestUserInfo.user2)
    second_membership = MembershipModel(
        org_id=first_membership.org_id,
        user_id=second_user.id,
        membership_type_code=ADMIN,
        status=1,
    )
    second_membership.save()

    owner_count = MembershipModel.get_count_active_owner_org_id(second_membership.org_id)
    assert owner_count == 2
def create_org(org_info: dict, user_id):
    """Create a new organization and make *user_id* its active OWNER.

    Args:
        org_info: org attributes with camelCase keys; ``name`` is required.
        user_id: id of the user who becomes the org's owner.

    Returns:
        Org: wrapper around the saved org model.

    Raises:
        BusinessException: DATA_CONFLICT when an org with a similar name already exists.
    """
    current_app.logger.debug('<create_org ')

    if OrgModel.find_similar_org_by_name(org_info['name']) is not None:
        raise BusinessException(Error.DATA_CONFLICT, None)

    # NOTE(review): every key of org_info reaches create_from_dict; which fields it accepts
    # is not visible here - confirm it ignores keys a caller must not set.
    org = OrgModel.create_from_dict(camelback2snake(org_info))
    org.save()
    current_app.logger.info(f'<created_org org_id:{org.id}')

    # create the membership record for this user
    owner_fields = {
        'org_id': org.id,
        'user_id': user_id,
        'membership_type_code': 'OWNER',
        'membership_type_status': Status.ACTIVE.value,
    }
    MembershipModel(**owner_fields).save()

    return Org(org)
def test_delete_user_where_org_has_another_owner(session, auth_mock, keycloak_mock, monkeypatch):  # pylint:disable=unused-argument
    """Assert that a user can be deleted when their org still has another owner.

    After deletion the user has no contacts and each of their org memberships is INACTIVE.
    """
    # Create a user and org
    creator = factory_user_model(user_info=TestUserInfo.user_test)
    creator_contact = factory_contact_model()
    creator_link = ContactLinkModel()
    creator_link.contact = creator_contact
    creator_link.user = creator
    creator_link.commit()

    patch_token_info(TestJwtClaims.get_test_user(creator.keycloak_guid), monkeypatch)
    created_org = OrgService.create_org(TestOrgInfo.org1, user_id=creator.id)
    org_id = created_org.as_dict()['id']

    lear_entity = factory_entity_model(entity_info=TestEntityInfo.entity_lear_mock)
    org_affiliation = AffiliationModel(org_id=org_id, entity_id=lear_entity.id)
    org_affiliation.save()

    # Create another user and add membership to the above org
    second_user = factory_user_model(user_info=TestUserInfo.user2)
    second_contact = factory_contact_model()
    second_link = ContactLinkModel()
    second_link.contact = second_contact
    second_link.user = second_user
    second_link.commit()

    admin_row = MembershipModel(
        org_id=org_id,
        user_id=second_user.id,
        membership_type_code='ADMIN',
        membership_type_status=Status.ACTIVE.value,
    )
    admin_row.save()
    admin_row.commit()

    # From here on the patched token identifies the second user.
    patch_token_info(TestJwtClaims.get_test_user(second_user.keycloak_guid), monkeypatch)
    UserService.delete_user()

    updated_user = UserModel.find_by_jwt_token()
    assert len(updated_user.contacts) == 0

    for user_org in MembershipModel.find_orgs_for_user(updated_user.id):
        assert user_org.status_code == 'INACTIVE'
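def create_org(org_info: dict, user_id, token_info: Dict = None):
    """Create a new organization.

    A caller whose token carries the ``staff_admin`` realm role creates an ANONYMOUS,
    non-billable org and gets no membership in it. Any other caller is limited to
    MAX_NUMBER_OF_ORGS orgs, may not ask for an ANONYMOUS org, gets a BCSC billable org,
    becomes its active OWNER and is added to the account holders group.

    Args:
        org_info: org attributes with camelCase keys; ``name`` is required.
        user_id: id of the creating user.
        token_info: claims of the caller's token as a dict; may be ``None``.

    Returns:
        Org: wrapper around the saved org model.

    Raises:
        BusinessException: MAX_NUMBER_OF_ORGS_LIMIT, USER_CANT_CREATE_ANONYMOUS_ORG or
            DATA_CONFLICT (an org with a similar name already exists).
    """
    current_app.logger.debug('<create_org ')

    # A token without realm_access or roles counts as non-staff (fail closed) instead of
    # raising AttributeError on None.
    granted_roles = ((token_info or {}).get('realm_access') or {}).get('roles') or []
    is_staff_admin = 'staff_admin' in granted_roles

    if not is_staff_admin:  # staff can create any number of orgs
        count = OrgModel.get_count_of_org_created_by_user_id(user_id)
        if count >= current_app.config.get('MAX_NUMBER_OF_ORGS'):
            raise BusinessException(Error.MAX_NUMBER_OF_ORGS_LIMIT, None)
        if org_info.get('accessType', None) == AccessType.ANONYMOUS.value:
            raise BusinessException(Error.USER_CANT_CREATE_ANONYMOUS_ORG, None)

    existing_similar__org = OrgModel.find_similar_org_by_name(org_info['name'])
    if existing_similar__org is not None:
        raise BusinessException(Error.DATA_CONFLICT, None)

    org = OrgModel.create_from_dict(camelback2snake(org_info))
    # Access type and billable flag follow the caller's role and overwrite whatever
    # org_info supplied for them.
    if is_staff_admin:
        org.access_type = AccessType.ANONYMOUS.value
        org.billable = False
    else:
        org.access_type = AccessType.BCSC.value
        org.billable = True
    org.save()
    current_app.logger.info(f'<created_org org_id:{org.id}')

    # create the membership record for this user if its not created by staff.
    # The access-type test uses the same key and value as the guard above; the previous
    # form compared the 'access_type' key against the enum member rather than its value.
    if not is_staff_admin and org_info.get('accessType', None) != AccessType.ANONYMOUS.value:
        membership = MembershipModel(
            org_id=org.id,
            user_id=user_id,
            membership_type_code='OWNER',
            membership_type_status=Status.ACTIVE.value)
        membership.save()

        # Add the user to account_holders group
        KeycloakService.join_account_holders_group()

    # TODO Remove later, create payment settings now with default values
    AccountPaymentModel.create_from_dict({'org_id': org.id})

    return Org(org)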
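def accept_invitation(invitation_id, user, origin):
    """Add user, role and org from the invitation to membership.

    Args:
        invitation_id: id of the invitation being accepted.
        user: the accepting user; ``user.identifier`` becomes the membership's user id.
        origin: passed through to ``Invitation.notify_admin``.

    Returns:
        Invitation: wrapper around the updated invitation model.

    Raises:
        BusinessException: DATA_NOT_FOUND when the invitation does not exist,
            ACTIONED_INVITATION / EXPIRED_INVITATION when it is already accepted or expired.
    """
    current_app.logger.debug('>accept_invitation')
    invitation: InvitationModel = InvitationModel.find_invitation_by_id(invitation_id)

    if invitation is None:
        raise BusinessException(Error.DATA_NOT_FOUND, None)
    if invitation.invitation_status_code == 'ACCEPTED':
        raise BusinessException(Error.ACTIONED_INVITATION, None)
    if invitation.invitation_status_code == 'EXPIRED':
        raise BusinessException(Error.EXPIRED_INVITATION, None)
    # NOTE(review): nothing in this function ties the invitation to the accepting user,
    # and an existing membership for the same user/org is not checked before saving;
    # presumably the caller covers both - confirm.

    # TODO : isnt this only one?remove for loop
    for membership in invitation.membership:
        membership_model = MembershipModel()
        membership_model.org_id = membership.org_id
        membership_model.user_id = user.identifier
        membership_model.membership_type = membership.membership_type

        # The org's settings decide whether the invitee is active at once or waits for an admin.
        is_auto_approval = OrgSettingsModel.is_admin_auto_approved_invitees(membership.org_id)
        if is_auto_approval:
            membership_model.status = Status.ACTIVE.value
        else:
            membership_model.status = Status.PENDING_APPROVAL.value
        membership_model.save()

        # Admins are only notified when their approval is needed; a failed
        # notification is logged and does not undo the saved membership.
        if not is_auto_approval:
            try:
                Invitation.notify_admin(user, invitation_id, membership_model.id, origin)
            except BusinessException as exception:
                # The placeholder is required: an argument without one makes the logging
                # call fail to format and the message is lost.
                current_app.logger.error('<send_notification_to_admin failed: %s', exception.message)

    invitation.accepted_date = datetime.now()
    invitation.invitation_status = InvitationStatusModel.get_status_by_code('ACCEPTED')
    invitation.save()
    current_app.logger.debug('<accept_invitation')
    return Invitation(invitation)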