Esempio n. 1
0
def test_remove_member_removes_group_to_the_user(session, monkeypatch):  # pylint:disable=unused-argument
    """Assert that accepting an invite adds group to the user."""
    # Create a user in keycloak
    keycloak_service = KeycloakService()
    request = KeycloakScenario.create_user_request()
    keycloak_service.add_user(request, return_if_exists=True)
    kc_user = keycloak_service.get_user_by_username(request.user_name)
    user = factory_user_model(TestUserInfo.get_user_with_kc_guid(kc_guid=kc_user.id))

    # Patch token info
    def token_info():  # pylint: disable=unused-argument; mocks of library methods
        return {
            'sub': str(kc_user.id),
            'username': '******',
            'realm_access': {
                'roles': [
                    'edit'
                ]
            },
            'product_code': ProductCode.BUSINESS.value
        }

    monkeypatch.setattr('auth_api.services.keycloak.KeycloakService._get_token_info', token_info)
    org = OrgService.create_org(TestOrgInfo.org1, user_id=user.id)
    # Create another user
    request = KeycloakScenario.create_user_request()
    keycloak_service.add_user(request, return_if_exists=True)
    kc_user2 = keycloak_service.get_user_by_username(request.user_name)
    user2 = factory_user_model(TestUserInfo.get_user_with_kc_guid(kc_guid=kc_user2.id))

    # Add a membership to the user for the org created
    factory_membership_model(user2.id, org.as_dict().get('id'), member_type='COORDINATOR', member_status=4)

    # Add a product to org
    factory_product_model(org.as_dict().get('id'), product_code=ProductCode.BUSINESS.value)

    # Find the membership and update to ACTIVE
    membership = MembershipService.get_membership_for_org_and_user(org.as_dict().get('id'), user2.id)
    active_membership_status = MembershipStatusCodeModel.get_membership_status_by_code(Status.ACTIVE.name)
    updated_fields = {'membership_status': active_membership_status}
    MembershipService(membership).update_membership(updated_fields=updated_fields, token_info=token_info())

    user_groups = keycloak_service.get_user_groups(user_id=kc_user2.id)
    groups = []
    for group in user_groups:
        groups.append(group.get('name'))
    assert GROUP_ACCOUNT_HOLDERS in groups

    # Find the membership and update to INACTIVE
    active_membership_status = MembershipStatusCodeModel.get_membership_status_by_code(Status.INACTIVE.name)
    updated_fields = {'membership_status': active_membership_status}
    MembershipService(membership).update_membership(updated_fields=updated_fields, token_info=token_info())

    user_groups = keycloak_service.get_user_groups(user_id=kc_user2.id)
    groups = []
    for group in user_groups:
        groups.append(group.get('name'))
    assert GROUP_ACCOUNT_HOLDERS not in groups
Esempio n. 2
0
    def deactivate_membership(self, token_info: Dict = None):
        """Mark this membership as inactive."""
        current_app.logger.debug('<deactivate_membership')
        # if this is a member removing another member, check that they admin or owner
        if self._model.user.username != token_info.get('username'):
            check_auth(org_id=self._model.org_id,
                       token_info=token_info,
                       one_of_roles=(COORDINATOR, ADMIN))

        # check to ensure that owner isn't removed by anyone but an owner
        if self._model.membership_type == ADMIN:
            check_auth(org_id=self._model.org_id,
                       token_info=token_info,
                       one_of_roles=(ADMIN))

        self._model.membership_status = MembershipStatusCodeModel.get_membership_status_by_code(
            'INACTIVE')
        current_app.logger.info(
            f'<deactivate_membership for {self._model.user.username}')
        self._model.save()
        # Remove from account_holders group in keycloak
        Membership._add_or_remove_group(self._model)

        current_app.logger.debug('>deactivate_membership')
        return self
Esempio n. 3
0
    def deactivate_membership(self, **kwargs):
        """Mark this membership as inactive."""
        current_app.logger.debug('<deactivate_membership')
        user_from_context: UserContext = kwargs['user_context']
        # if this is a member removing another member, check that they admin or owner
        if self._model.user.username != user_from_context.user_name:
            check_auth(org_id=self._model.org_id,
                       one_of_roles=(COORDINATOR, ADMIN))

        # check to ensure that owner isn't removed by anyone but an owner
        if self._model.membership_type == ADMIN:
            check_auth(org_id=self._model.org_id, one_of_roles=(ADMIN))

        self._model.membership_status = MembershipStatusCodeModel.get_membership_status_by_code(
            'INACTIVE')
        current_app.logger.info(
            f'<deactivate_membership for {self._model.user.username}')
        self._model.save()
        # Remove from account_holders group in keycloak
        Membership._add_or_remove_group(self._model)
        name = {
            'first_name': self._model.user.firstname,
            'last_name': self._model.user.lastname
        }
        ActivityLogPublisher.publish_activity(
            Activity(self._model.org_id,
                     ActivityAction.REMOVE_TEAM_MEMBER.value,
                     name=json.dumps(name),
                     id=self._model.user.id))
        current_app.logger.debug('>deactivate_membership')
        return self
Esempio n. 4
0
    def deactivate_membership(self, token_info: Dict = None):
        """Mark this membership as inactive."""
        current_app.logger.debug('<deactivate_membership')
        # if this is a member removing another member, check that they admin or owner
        if self._model.user.username != token_info.get('username'):
            check_auth(org_id=self._model.org_id, token_info=token_info, one_of_roles=(ADMIN, OWNER))

        # check to ensure that owner isn't removed by anyone but an owner
        if self._model.membership_type == OWNER:
            check_auth(org_id=self._model.org_id, token_info=token_info, one_of_roles=(OWNER))

        self._model.membership_status = MembershipStatusCodeModel.get_membership_status_by_code('INACTIVE')
        current_app.logger.info(f'<deactivate_membership for {self._model.user.username}')
        self._model.save()
        self._model.commit()
        current_app.logger.debug('>deactivate_membership')
        return self
Esempio n. 5
0
 def get_membership_status_by_code(name):
     """Get a membership type by the given code."""
     return MembershipStatusCodeModel.get_membership_status_by_code(
         name=name)