def test_remove_team_from_project(self):
    """Un-sharing a project from a team revokes the members' role.

    A team member has no ``EditorRole`` on the project until the team is
    shared with that role, and loses it again on both ``self.project`` and
    ``self.xform`` once the same share is posted with ``remove`` set.
    """
    self._team_create()
    self._publish_xls_form_to_project()

    # Create a second account and put it in the team under test.
    member_profile = self._create_user_profile(
        {'username': '******', 'email': '*****@*****.**'})
    member = member_profile.user
    tools.add_user_to_team(self.team, member)

    share_view = TeamViewSet.as_view({'post': 'share'})

    def post_share(payload):
        # Every share/un-share call goes through the same JSON POST.
        share_request = self.factory.post(
            '/', data=json.dumps(payload),
            content_type="application/json", **self.extra)
        return share_view(share_request, pk=self.team.pk)

    # Baseline: team membership alone gives no editor role on the project.
    self.assertFalse(EditorRole.user_has_role(member, self.project))

    granted = post_share(
        {'role': EditorRole.name, 'project': self.project.pk})
    self.assertEqual(granted.status_code, 204)
    self.assertTrue(EditorRole.user_has_role(member, self.project))

    revoked = post_share(
        {'role': EditorRole.name, 'project': self.project.pk,
         'remove': True})
    self.assertEqual(revoked.status_code, 204)

    # Revocation is checked on the project and on the form.
    self.assertFalse(EditorRole.user_has_role(member, self.project))
    self.assertFalse(EditorRole.user_has_role(member, self.xform))
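def members(self, request, *args, **kwargs):
    """List the team's members, or add/remove a single member.

    ``POST`` adds and ``DELETE`` removes the user named by ``username``
    (taken from the request body first, then from the query string). Both
    answer ``201`` with the updated list of usernames. Any other method
    answers ``200`` with the current list. A missing or unknown username
    answers ``400`` with a ``{'username': [message]}`` body.
    """
    # NOTE(review): no permission check is visible in this method; it
    # presumably relies on get_object() and the viewset's permission
    # classes to restrict who may change membership -- confirm.
    team = self.get_object()
    data = {}
    status_code = status.HTTP_200_OK

    if request.method in ['DELETE', 'POST']:
        username = request.DATA.get('username') or\
            request.QUERY_PARAMS.get('username')

        if username:
            try:
                # NOTE(review): a case-insensitive get() raises
                # MultipleObjectsReturned if two usernames differ only by
                # case -- confirm usernames are unique case-insensitively.
                user = User.objects.get(username__iexact=username)
            except User.DoesNotExist:
                status_code = status.HTTP_400_BAD_REQUEST
                # Translate the template first, then interpolate; the
                # catalogue lookup must see the untranslated template, not
                # a string that already contains the username.
                data['username'] = [
                    _(u"User `%(username)s` does not exist.")
                    % {'username': username}]
            else:
                if request.method == 'POST':
                    add_user_to_team(team, user)
                elif request.method == 'DELETE':
                    remove_user_from_team(team, user)
                # Both add and remove report 201, as callers expect.
                status_code = status.HTTP_201_CREATED
        else:
            status_code = status.HTTP_400_BAD_REQUEST
            data['username'] = [_(u"This field is required.")]

    # On success the error dict is replaced by the membership list.
    if status_code in [status.HTTP_200_OK, status.HTTP_201_CREATED]:
        data = [u.username for u in team.user_set.all()]

    return Response(data, status=status_code)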
def test_team_share(self):
    """Sharing a project with a team gives its members the shared role.

    Runs once for ``ReadOnlyRole`` and once for ``EditorRole``: the member
    must not hold the role before the share call and must hold it after.
    """
    self._team_create()
    project = Project.objects.create(
        name="Test Project",
        organization=self.team.organization,
        created_by=self.user,
        metadata='{}')

    member_profile = self._create_user_profile(
        {'username': '******', 'email': '*****@*****.**'})
    member = member_profile.user
    tools.add_user_to_team(self.team, member)

    share_view = TeamViewSet.as_view({'post': 'share'})

    for role_class in (ReadOnlyRole, EditorRole):
        # The role must be absent until this iteration shares it.
        self.assertFalse(role_class.user_has_role(member, project))

        payload = json.dumps(
            {'role': role_class.name, 'project': project.pk})
        share_request = self.factory.post(
            '/', data=payload, content_type="application/json",
            **self.extra)
        share_response = share_view(share_request, pk=self.team.pk)

        self.assertEqual(share_response.status_code, 204)
        self.assertTrue(role_class.user_has_role(member, project))
def test_team_share(self):
    """Sharing a project with a team reaches the project and its form.

    For ``ReadOnlyRole`` and then ``EditorRole``, the team member must lack
    the role on ``self.project`` before the share call and hold it on both
    ``self.project`` and ``self.xform`` afterwards.
    """
    self._team_create()
    self._publish_xls_form_to_project()

    profile = self._create_user_profile(
        {'username': '******', 'email': '*****@*****.**'})
    team_member = profile.user
    tools.add_user_to_team(self.team, team_member)

    share = TeamViewSet.as_view({'post': 'share'})

    for role_class in (ReadOnlyRole, EditorRole):
        holds_role = role_class.user_has_role

        # Not granted yet for this role.
        self.assertFalse(holds_role(team_member, self.project))

        body = json.dumps(
            {'role': role_class.name, 'project': self.project.pk})
        post = self.factory.post(
            '/', data=body, content_type="application/json", **self.extra)
        result = share(post, pk=self.team.pk)
        self.assertEqual(result.status_code, 204)

        # The grant must be visible on the project and on the form.
        self.assertTrue(holds_role(team_member, self.project))
        self.assertTrue(holds_role(team_member, self.xform))
def test_assign_user_to_team(self):
    """Adding a user to a team puts the team's group among the user's groups."""
    # Organization owned by the test user, plus a second account.
    org = self._create_organization("modilabs", self.user)
    deno = self._create_user("deno", "deno")

    # A new team inside that organization.
    managers = tools.create_organization_team(org, "managers")
    tools.add_user_to_team(managers, deno)

    self.assertIn(managers.group_ptr, deno.groups.all())
def test_assign_user_to_team(self):
    """Team membership is reflected in the user's Django groups."""
    # Set up the organization and the user who will join a team.
    modilabs = self._create_organization("modilabs", self.user)
    new_member = self._create_user('deno', 'deno')

    # Create the team and add the user to it.
    new_team = tools.create_organization_team(modilabs, 'managers')
    tools.add_user_to_team(new_team, new_member)

    # The team's underlying group must now be one of the user's groups.
    member_groups = new_member.groups.all()
    self.assertIn(new_team.group_ptr, member_groups)
def test_team_members_meta_perms_restrictions(self):
    """Form-level meta permissions apply to users who got access via a team.

    Alice joins the organization's ``members`` team, the project is shared
    with that team as editor, and the form's meta permissions are then set
    to ``editor-minor|dataentry``. She must end up with ``EditorMinorRole``
    on the form.
    """
    self._team_create()
    self._publish_xls_form_to_project()
    alice = self._create_user('alice', 'alice')

    members = Team.objects.get(
        name='%s#%s' % (self.organization.user.username, 'members'))
    add_user_to_team(members, alice)

    # Before sharing, neither the team nor Alice has any permission on
    # the form.
    self.assertFalse(get_perms(members, self.xform))
    self.assertFalse(get_perms(alice, self.xform))

    # Share the project with the team as editor.
    team_view = TeamViewSet.as_view({'get': 'list', 'post': 'share'})
    share_payload = {
        'role': EditorRole.name,
        'project': self.project.pk,
        'remove': False
    }
    share_request = self.factory.post(
        '/', data=share_payload, **self.extra)
    share_response = team_view(share_request, pk=members.pk)
    self.assertEqual(share_response.status_code, 204)

    # Alice's permissions on the form now resolve to the editor role.
    resolved_role = get_role(get_perms(alice, self.xform), self.xform)
    self.assertEqual(EditorRole.name, resolved_role)
    self.assertTrue(EditorRole.user_has_role(alice, self.xform))

    # Set the form's meta permissions.
    meta_view = MetaDataViewSet.as_view({
        'post': 'create',
        'put': 'update'
    })
    meta_payload = {
        'data_type': XFORM_META_PERMS,
        'data_value': 'editor-minor|dataentry',
        'xform': self.xform.pk
    }
    meta_request = self.factory.post('/', meta_payload, **self.extra)
    meta_response = meta_view(meta_request)
    self.assertEqual(meta_response.status_code, 201)

    # The meta permissions change must reach the team member.
    self.assertTrue(EditorMinorRole.user_has_role(alice, self.xform))
def _set_organization_role_to_user(organization, user, role):
    """Grant ``role`` on ``organization`` to ``user`` and sync the owners team.

    The role class looked up in ``ROLES`` is added for the user. The user
    is then added to the organization's owners team when ``role`` is the
    owner role, and removed from it for every other role.

    No authorization check is made here; callers must already have
    established that the requester may change roles in the organization.
    ``role`` is expected to be a key of ``ROLES``.
    """
    ROLES.get(role).add(user, organization)

    owners = get_organization_owners_team(organization)

    # Owners-team membership follows the owner role exactly.
    if role == OwnerRole.name:
        add_user_to_team(owners, user)
    else:
        remove_user_from_team(owners, user)
def test_add_project_perms_to_team(self):
    """A role granted to a team on a project follows team membership.

    After ``DataEntryRole`` is added for the team, the team's object
    permissions on the project match the expected codenames. A user gains
    ``CAN_VIEW_PROJECT`` on joining the team and loses it on removal.
    """
    # Organization, one member and a team.
    org = self._create_organization("test org", self.user)
    deno = self._create_user('deno', 'deno')
    team = tools.create_organization_team(org, "test team")
    tools.add_user_to_team(team, deno)

    project = Project.objects.create(
        name="Test Project", organization=org,
        created_by=deno, metadata='{}')

    # A new team starts with no object permissions at all.
    self.assertFalse(team.groupobjectpermission_set.all())

    DataEntryRole.add(team, project)

    # Read back the team's object permissions for this project.
    project_cls = project.__class__
    content_type = ContentType.objects.get(
        model=project_cls.__name__.lower(),
        app_label=project_cls._meta.app_label)
    granted = team.groupobjectpermission_set.filter(
        object_pk=project.pk, content_type=content_type)
    permission_names = sorted(
        perm.permission.codename for perm in granted)

    self.assertEqual([
        CAN_EXPORT_PROJECT,
        CAN_ADD_SUBMISSIONS_PROJECT,
        CAN_VIEW_PROJECT
    ], permission_names)
    self.assertEqual(
        get_team_project_default_permissions(team, project),
        DataEntryRole.name)

    # A user outside the team has no access to the project.
    sam = self._create_user('Sam', 'sammy_')
    self.assertFalse(sam.has_perm(CAN_VIEW_PROJECT, project))
    self.assertFalse(sam.has_perm(CAN_ADD_XFORM, project))

    # Joining the team gives the team's permission.
    tools.add_user_to_team(team, sam)
    self.assertTrue(sam.has_perm(CAN_VIEW_PROJECT, project))

    # Leaving the team takes it away again.
    tools.remove_user_from_team(team, sam)
    self.assertFalse(sam.has_perm(CAN_VIEW_PROJECT, project))
    self.assertFalse(sam.has_perm(CAN_ADD_XFORM, project))
def _set_organization_role_to_user(organization, user, role):
    """Grant ``role`` on ``organization`` to ``user`` and sync the owners team.

    The role class looked up in ``ROLES`` is added for the user. For the
    owner role the user is also added to the organization's owners team
    and every project in ``organization.user.project_org`` is shared with
    them. For any other role the user is removed from the owners team.

    No authorization check is made here; callers must already have
    established that the requester may change roles in the organization.
    """
    # NOTE(review): ROLES.get() presumably returns None for an unknown
    # role, which would make the .add() call fail -- confirm callers
    # validate `role` first.
    role_cls = ROLES.get(role)
    role_cls.add(user, organization)

    owners_team = get_organization_owners_team(organization)

    # add the owner to owners team
    if role == OwnerRole.name:
        add_user_to_team(owners_team, user)
        # add user to org projects
        # NOTE(review): sharing every organization project is assumed to
        # apply only when the owner role is granted -- confirm.
        for project in organization.user.project_org.all():
            ShareProject(project, user.username, role).save()

    # Any non-owner role must not keep owners-team membership.
    if role != OwnerRole.name:
        remove_user_from_team(owners_team, user)
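def test_team_share_members(self):
    """Sharing a project with the ``members`` team shows up on the project.

    The members team is found through the team list endpoint, a user is
    added to it, and the project is shared with the team as editor. The
    user must then hold ``EditorRole`` and the project detail response
    must list two users.
    """
    self._team_create()
    project = Project.objects.create(name="Test Project",
                                     organization=self.team.organization,
                                     created_by=self.user,
                                     metadata='{}')

    view = TeamViewSet.as_view({
        'get': 'list',
        'post': 'share'})

    get_data = {'org': 'denoinc'}
    request = self.factory.get('/', data=get_data, **self.extra)
    response = view(request)

    # get the members team
    # NOTE(review): this depends on the members team being the second
    # entry of the list response -- confirm the ordering is stable.
    self.assertEqual(response.data[1].get('name'), 'members')
    teamid = response.data[1].get('teamid')

    chuck_data = {'username': '******', 'email': '*****@*****.**'}
    chuck_profile = self._create_user_profile(chuck_data)
    user_chuck = chuck_profile.user

    self.team = Team.objects.get(pk=teamid)
    tools.add_user_to_team(self.team, user_chuck)

    # Team membership alone must not give the editor role.
    self.assertFalse(EditorRole.user_has_role(user_chuck, project))

    post_data = {'role': EditorRole.name,
                 'project': project.pk,
                 'remove': False,
                 'org': 'denoinc'}
    request = self.factory.post(
        '/', data=post_data, **self.extra)
    response = view(request, pk=self.team.pk)

    self.assertEqual(response.status_code, 204)
    self.assertTrue(EditorRole.user_has_role(user_chuck, project))

    # The project detail must reflect the new share.
    view = ProjectViewSet.as_view({
        'get': 'retrieve'
    })

    request = self.factory.get('/', **self.extra)
    response = view(request, pk=project.pk)

    self.assertIsNotNone(response.get('Cache-Control'))
    self.assertEqual(response.status_code, 200)
    self.assertEqual(len(response.data.get('users')), 2)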
def test_add_project_perms_to_team(self):
    """Permissions granted to a team are gained and lost with membership."""
    # Fixture: organization, team with one member, and a project.
    organization = self._create_organization("test org", self.user)
    first_member = self._create_user("deno", "deno")
    team = tools.create_organization_team(organization, "test team")
    tools.add_user_to_team(team, first_member)
    project = Project.objects.create(
        name="Test Project",
        organization=organization,
        created_by=first_member,
        metadata="{}",
    )

    # The team holds no object permissions before a role is assigned.
    self.assertFalse(team.groupobjectpermission_set.all())

    # Assign the data-entry role on the project to the team.
    DataEntryRole.add(team, project)

    model_cls = project.__class__
    project_type = ContentType.objects.get(
        model=model_cls.__name__.lower(),
        app_label=model_cls._meta.app_label,
    )
    team_perms = team.groupobjectpermission_set.filter(
        object_pk=project.pk, content_type=project_type
    )
    codenames = sorted([entry.permission.codename for entry in team_perms])

    expected_codenames = [
        CAN_EXPORT_PROJECT,
        CAN_ADD_SUBMISSIONS_PROJECT,
        CAN_VIEW_PROJECT,
    ]
    self.assertEqual(expected_codenames, codenames)

    default_role = get_team_project_default_permissions(team, project)
    self.assertEqual(default_role, DataEntryRole.name)

    # A newly created user has neither permission on the project.
    late_joiner = self._create_user("Sam", "sammy_")
    self.assertFalse(late_joiner.has_perm(CAN_VIEW_PROJECT, project))
    self.assertFalse(late_joiner.has_perm(CAN_ADD_XFORM, project))

    # Team membership gives the view permission.
    tools.add_user_to_team(team, late_joiner)
    self.assertTrue(late_joiner.has_perm(CAN_VIEW_PROJECT, project))

    # Removal from the team must revoke it.
    tools.remove_user_from_team(team, late_joiner)
    self.assertFalse(late_joiner.has_perm(CAN_VIEW_PROJECT, project))
    self.assertFalse(late_joiner.has_perm(CAN_ADD_XFORM, project))
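def _check_set_role(request, organization, username, required=False):
    """
    Confirms the role and assigns the role to the organization

    Reads ``role`` from ``request.data`` and looks it up in ``ROLES``. A
    missing or unknown role returns ``(400, {'role': [message]})``. The
    "field is required" message is used only when ``required`` is set and
    no role was sent. Otherwise the role is applied through
    ``_update_username_role``, and a non-200/201 status from that call is
    returned unchanged. On success the user is added to the organization's
    owners team for the owner role and removed from it for any other role.

    Returns a ``(status_code, data)`` tuple: ``(200, [])`` for ``PUT``
    requests and ``(201, [])`` for other methods on success.

    This function makes no permission check of its own; the caller must
    already have authorized the requester to change roles.
    """
    role = request.data.get('role')
    role_cls = ROLES.get(role)

    if not role or not role_cls:
        # Translate the template first, then interpolate; the catalogue
        # lookup must see the untranslated template, not a string that
        # already contains the submitted value.
        if required and not role:
            message = _(u"This field is required.")
        else:
            message = _(u"'%s' is not a valid role.") % role

        return status.HTTP_400_BAD_REQUEST, {'role': [message]}

    data, status_code = _update_username_role(organization, username,
                                              role_cls)
    # Stop before touching the owners team if the role update failed.
    if status_code not in [status.HTTP_200_OK, status.HTTP_201_CREATED]:
        return (status_code, data)

    owners_team = get_organization_owners_team(organization)
    try:
        user = User.objects.get(username=username)
    except User.DoesNotExist:
        data = {
            'username': [
                _(u"User `%(username)s` does not exist.")
                % {'username': username}
            ]
        }

        return (status.HTTP_400_BAD_REQUEST, data)

    # Owners-team membership follows the owner role: added for owners,
    # removed for every other role.
    if role == OwnerRole.name:
        add_user_to_team(owners_team, user)
    else:
        remove_user_from_team(owners_team, user)

    return (status.HTTP_200_OK, []) if request.method == 'PUT' \
        else (status.HTTP_201_CREATED, [])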
def test_add_project_perms_to_team(self):
    """A team's project role is gained and lost with team membership.

    ``DataEntryRole`` is added for the team on a project. The team's
    permissions are checked against the expected list, and a user's
    ``CAN_VIEW_PROJECT`` permission is checked before joining the team,
    after joining and after removal.
    """
    # Organization, first member and team.
    org = self._create_organization("test org", self.user)
    deno = self._create_user('deno', 'deno')
    team = tools.create_organization_team(org, "test team")
    tools.add_user_to_team(team, deno)

    project = Project.objects.create(
        name="Test Project", organization=org,
        created_by=deno, metadata='{}')

    # Nothing is granted on the project until a role is assigned.
    self.assertFalse(get_perms(team, project))

    DataEntryRole.add(team, project)

    expected_perms = [
        CAN_EXPORT_PROJECT,
        CAN_ADD_SUBMISSIONS_PROJECT,
        CAN_VIEW_PROJECT,
        CAN_VIEW_PROJECT_ALL,
        CAN_VIEW_PROJECT_DATA
    ]
    self.assertEqual(expected_perms, sorted(get_perms(team, project)))
    self.assertEqual(
        get_team_project_default_permissions(team, project),
        DataEntryRole.name)

    # A user who is not in the team has no access.
    sam = self._create_user('Sam', 'sammy_')
    self.assertFalse(sam.has_perm(CAN_VIEW_PROJECT, project))
    self.assertFalse(sam.has_perm(CAN_ADD_XFORM, project))

    # Joining the team gives the view permission.
    tools.add_user_to_team(team, sam)
    self.assertTrue(sam.has_perm(CAN_VIEW_PROJECT, project))

    # Removal from the team revokes it.
    tools.remove_user_from_team(team, sam)
    self.assertFalse(sam.has_perm(CAN_VIEW_PROJECT, project))
    self.assertFalse(sam.has_perm(CAN_ADD_XFORM, project))
def test_add_project_perms_to_team(self):
    """Team-level project permissions are granted and revoked with membership."""
    # Arrange: an organization, a team with one member, and a project.
    organization = self._create_organization("test org", self.user)
    creator = self._create_user('deno', 'deno')
    team = tools.create_organization_team(organization, "test team")
    tools.add_user_to_team(team, creator)
    project = Project.objects.create(name="Test Project",
                                     organization=organization,
                                     created_by=creator,
                                     metadata='{}')

    # The team has no permissions on the project yet.
    perms_before = get_perms(team, project)
    self.assertFalse(perms_before)

    # Give the team the data-entry role on the project.
    DataEntryRole.add(team, project)

    perms_after = sorted(get_perms(team, project))
    self.assertEqual([CAN_EXPORT_PROJECT,
                      CAN_ADD_SUBMISSIONS_PROJECT,
                      CAN_VIEW_PROJECT,
                      CAN_VIEW_PROJECT_ALL,
                      CAN_VIEW_PROJECT_DATA],
                     perms_after)
    team_default = get_team_project_default_permissions(team, project)
    self.assertEqual(team_default, DataEntryRole.name)

    # A user outside the team can neither view the project nor add forms.
    outsider = self._create_user('Sam', 'sammy_')
    for codename in (CAN_VIEW_PROJECT, CAN_ADD_XFORM):
        self.assertFalse(outsider.has_perm(codename, project))

    # Once in the team, the user has the view permission.
    tools.add_user_to_team(team, outsider)
    self.assertTrue(outsider.has_perm(CAN_VIEW_PROJECT, project))

    # Once removed, both permissions are absent.
    tools.remove_user_from_team(team, outsider)
    for codename in (CAN_VIEW_PROJECT, CAN_ADD_XFORM):
        self.assertFalse(outsider.has_perm(codename, project))
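def _check_set_role(request, organization, username, required=False):
    """
    Confirms the role and assigns the role to the organization

    Reads ``role`` from ``request.DATA`` and looks it up in ``ROLES``. A
    missing or unknown role returns ``(400, {'role': [message]})``. The
    "field is required" message is used only when ``required`` is set and
    no role was sent. Otherwise the role is applied through
    ``_update_username_role``, and the user is added to the organization's
    owners team for the owner role and removed from it for any other role.
    An unknown ``username`` returns ``(400, {'username': [message]})``.

    Returns a ``(status_code, data)`` tuple: ``(200, [])`` for ``PUT``
    requests and ``(201, [])`` for other methods on success.

    This function makes no permission check of its own; the caller must
    already have authorized the requester to change roles.
    """
    role = request.DATA.get('role')
    role_cls = ROLES.get(role)

    if not role or not role_cls:
        # Translate the template first, then interpolate; the catalogue
        # lookup must see the untranslated template, not a string that
        # already contains the submitted value.
        if required and not role:
            message = _(u"This field is required.")
        else:
            message = _(u"'%s' is not a valid role.") % role

        return status.HTTP_400_BAD_REQUEST, {'role': [message]}

    # NOTE(review): the result of _update_username_role is discarded, and
    # the call runs before the user lookup below. If it can report a
    # failure, the owners-team update still proceeds -- confirm.
    _update_username_role(organization, username, role_cls)

    owners_team = get_organization_owners_team(organization)
    try:
        user = User.objects.get(username=username)
    except User.DoesNotExist:
        data = {'username': [_(u"User `%(username)s` does not exist.")
                             % {'username': username}]}

        return (status.HTTP_400_BAD_REQUEST, data)

    # Owners-team membership follows the owner role: added for owners,
    # removed for every other role.
    if role == OwnerRole.name:
        add_user_to_team(owners_team, user)
    else:
        remove_user_from_team(owners_team, user)

    return (status.HTTP_200_OK, []) if request.method == 'PUT' \
        else (status.HTTP_201_CREATED, [])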
def test_remove_team_from_project(self):
    """Posting a share with ``remove`` set takes the role away again.

    The team member has no ``EditorRole`` on the project at first, gains
    it when the project is shared with the team, and no longer has it
    after the same share is posted with ``'remove': True``.
    """
    self._team_create()
    project = Project.objects.create(
        name="Test Project",
        organization=self.team.organization,
        created_by=self.user,
        metadata='{}')

    profile = self._create_user_profile(
        {'username': '******', 'email': '*****@*****.**'})
    team_member = profile.user
    tools.add_user_to_team(self.team, team_member)

    share_view = TeamViewSet.as_view({'post': 'share'})
    is_editor = EditorRole.user_has_role

    # Starting point: no editor role on the project.
    self.assertFalse(is_editor(team_member, project))

    # Grant: share the project with the team as editor.
    grant_body = json.dumps(
        {'role': EditorRole.name, 'project': project.pk})
    grant_request = self.factory.post(
        '/', data=grant_body, content_type="application/json",
        **self.extra)
    grant_response = share_view(grant_request, pk=self.team.pk)
    self.assertEqual(grant_response.status_code, 204)
    self.assertTrue(is_editor(team_member, project))

    # Revoke: the same share with the remove flag set.
    revoke_body = json.dumps(
        {'role': EditorRole.name, 'project': project.pk, 'remove': True})
    revoke_request = self.factory.post(
        '/', data=revoke_body, content_type="application/json",
        **self.extra)
    revoke_response = share_view(revoke_request, pk=self.team.pk)
    self.assertEqual(revoke_response.status_code, 204)
    self.assertFalse(is_editor(team_member, project))