def test_remove_team_from_project(self):
self._team_create()
self._publish_xls_form_to_project()
chuck_data = {'username': '******', 'email': '*****@*****.**'}
chuck_profile = self._create_user_profile(chuck_data)
user_chuck = chuck_profile.user
tools.add_user_to_team(self.team, user_chuck)
view = TeamViewSet.as_view({
'post': 'share'})
self.assertFalse(EditorRole.user_has_role(user_chuck,
self.project))
data = {'role': EditorRole.name,
'project': self.project.pk}
request = self.factory.post(
'/', data=json.dumps(data),
content_type="application/json", **self.extra)
response = view(request, pk=self.team.pk)
self.assertEqual(response.status_code, 204)
self.assertTrue(EditorRole.user_has_role(user_chuck, self.project))
data = {'role': EditorRole.name,
'project': self.project.pk,
'remove': True}
request = self.factory.post(
'/', data=json.dumps(data),
content_type="application/json", **self.extra)
response = view(request, pk=self.team.pk)
self.assertEqual(response.status_code, 204)
self.assertFalse(EditorRole.user_has_role(user_chuck, self.project))
self.assertFalse(EditorRole.user_has_role(user_chuck, self.xform))
def members(self, request, *args, **kwargs):
team = self.get_object()
data = {}
status_code = status.HTTP_200_OK
if request.method in ['DELETE', 'POST']:
username = request.DATA.get('username') or\
request.QUERY_PARAMS.get('username')
if username:
try:
user = User.objects.get(username__iexact=username)
except User.DoesNotExist:
status_code = status.HTTP_400_BAD_REQUEST
data['username'] = [
_(u"User `%(username)s` does not exist."
% {'username': username})]
else:
if request.method == 'POST':
add_user_to_team(team, user)
elif request.method == 'DELETE':
remove_user_from_team(team, user)
status_code = status.HTTP_201_CREATED
else:
status_code = status.HTTP_400_BAD_REQUEST
data['username'] = [_(u"This field is required.")]
if status_code in [status.HTTP_200_OK, status.HTTP_201_CREATED]:
data = [u.username for u in team.user_set.all()]
return Response(data, status=status_code)
def test_team_share(self):
self._team_create()
project = Project.objects.create(name="Test Project",
organization=self.team.organization,
created_by=self.user,
metadata='{}')
chuck_data = {'username': '******', 'email': '*****@*****.**'}
chuck_profile = self._create_user_profile(chuck_data)
user_chuck = chuck_profile.user
tools.add_user_to_team(self.team, user_chuck)
view = TeamViewSet.as_view({
'post': 'share'})
ROLES = [ReadOnlyRole,
EditorRole]
for role_class in ROLES:
self.assertFalse(role_class.user_has_role(user_chuck,
project))
data = {'role': role_class.name,
'project': project.pk}
request = self.factory.post(
'/', data=json.dumps(data),
content_type="application/json", **self.extra)
response = view(request, pk=self.team.pk)
self.assertEqual(response.status_code, 204)
self.assertTrue(role_class.user_has_role(user_chuck, project))
def test_team_share(self):
self._team_create()
self._publish_xls_form_to_project()
chuck_data = {'username': '******', 'email': '*****@*****.**'}
chuck_profile = self._create_user_profile(chuck_data)
user_chuck = chuck_profile.user
tools.add_user_to_team(self.team, user_chuck)
view = TeamViewSet.as_view({'post': 'share'})
ROLES = [ReadOnlyRole, EditorRole]
for role_class in ROLES:
self.assertFalse(role_class.user_has_role(user_chuck,
self.project))
data = {'role': role_class.name, 'project': self.project.pk}
request = self.factory.post('/',
data=json.dumps(data),
content_type="application/json",
**self.extra)
response = view(request, pk=self.team.pk)
self.assertEqual(response.status_code, 204)
self.assertTrue(role_class.user_has_role(user_chuck, self.project))
self.assertTrue(role_class.user_has_role(user_chuck, self.xform))
def members(self, request, *args, **kwargs):
team = self.get_object()
data = {}
status_code = status.HTTP_200_OK
if request.method in ['DELETE', 'POST']:
username = request.DATA.get('username') or\
request.QUERY_PARAMS.get('username')
if username:
try:
user = User.objects.get(username__iexact=username)
except User.DoesNotExist:
status_code = status.HTTP_400_BAD_REQUEST
data['username'] = [
_(u"User `%(username)s` does not exist."
% {'username': username})]
else:
if request.method == 'POST':
add_user_to_team(team, user)
elif request.method == 'DELETE':
remove_user_from_team(team, user)
status_code = status.HTTP_201_CREATED
else:
status_code = status.HTTP_400_BAD_REQUEST
data['username'] = [_(u"This field is required.")]
if status_code in [status.HTTP_200_OK, status.HTTP_201_CREATED]:
data = [u.username for u in team.user_set.all()]
return Response(data, status=status_code)
def test_assign_user_to_team(self):
# create the organization
organization = self._create_organization("modilabs", self.user)
user_deno = self._create_user("deno", "deno")
# create another team
team_name = "managers"
team = tools.create_organization_team(organization, team_name)
tools.add_user_to_team(team, user_deno)
self.assertIn(team.group_ptr, user_deno.groups.all())
def test_assign_user_to_team(self):
# create the organization
organization = self._create_organization("modilabs", self.user)
user_deno = self._create_user('deno', 'deno')
# create another team
team_name = 'managers'
team = tools.create_organization_team(organization, team_name)
tools.add_user_to_team(team, user_deno)
self.assertIn(team.group_ptr, user_deno.groups.all())
def test_team_members_meta_perms_restrictions(self):
self._team_create()
self._publish_xls_form_to_project()
user_alice = self._create_user('alice', 'alice')
members_team = Team.objects.get(
name='%s#%s' % (self.organization.user.username, 'members'))
# add alice to members team
add_user_to_team(members_team, user_alice)
# confirm that the team and members have no permissions on form
self.assertFalse(get_perms(members_team, self.xform))
self.assertFalse(get_perms(user_alice, self.xform))
# share project to team
view = TeamViewSet.as_view({
'get': 'list',
'post': 'share'})
post_data = {
'role': EditorRole.name,
'project': self.project.pk,
'remove': False
}
request = self.factory.post('/', data=post_data, **self.extra)
response = view(request, pk=members_team.pk)
self.assertEqual(response.status_code, 204)
# team members should have editor permissions now
alice_perms = get_perms(user_alice, self.xform)
alice_role = get_role(alice_perms, self.xform)
self.assertEqual(EditorRole.name, alice_role)
self.assertTrue(EditorRole.user_has_role(user_alice, self.xform))
# change meta permissions
meta_view = MetaDataViewSet.as_view({
'post': 'create',
'put': 'update'
})
data = {
'data_type': XFORM_META_PERMS,
'data_value': 'editor-minor|dataentry',
'xform': self.xform.pk
}
request = self.factory.post('/', data, **self.extra)
response = meta_view(request)
self.assertEqual(response.status_code, 201)
# members should now have EditorMinor role
self.assertTrue(EditorMinorRole.user_has_role(user_alice, self.xform))
def _set_organization_role_to_user(organization, user, role):
role_cls = ROLES.get(role)
role_cls.add(user, organization)
owners_team = get_organization_owners_team(organization)
# add the owner to owners team
if role == OwnerRole.name:
add_user_to_team(owners_team, user)
if role != OwnerRole.name:
remove_user_from_team(owners_team, user)
def test_team_members_meta_perms_restrictions(self):
self._team_create()
self._publish_xls_form_to_project()
user_alice = self._create_user('alice', 'alice')
members_team = Team.objects.get(
name='%s#%s' % (self.organization.user.username, 'members'))
# add alice to members team
add_user_to_team(members_team, user_alice)
# confirm that the team and members have no permissions on form
self.assertFalse(get_perms(members_team, self.xform))
self.assertFalse(get_perms(user_alice, self.xform))
# share project to team
view = TeamViewSet.as_view({
'get': 'list',
'post': 'share'})
post_data = {
'role': EditorRole.name,
'project': self.project.pk,
'remove': False
}
request = self.factory.post('/', data=post_data, **self.extra)
response = view(request, pk=members_team.pk)
self.assertEqual(response.status_code, 204)
# team members should have editor permissions now
alice_perms = get_perms(user_alice, self.xform)
alice_role = get_role(alice_perms, self.xform)
self.assertEqual(EditorRole.name, alice_role)
self.assertTrue(EditorRole.user_has_role(user_alice, self.xform))
# change meta permissions
meta_view = MetaDataViewSet.as_view({
'post': 'create',
'put': 'update'
})
data = {
'data_type': XFORM_META_PERMS,
'data_value': 'editor-minor|dataentry',
'xform': self.xform.pk
}
request = self.factory.post('/', data, **self.extra)
response = meta_view(request)
self.assertEqual(response.status_code, 201)
# members should now have EditorMinor role
self.assertTrue(EditorMinorRole.user_has_role(user_alice, self.xform))
def test_add_project_perms_to_team(self):
# create an org, user, team
organization = self._create_organization("test org", self.user)
user_deno = self._create_user('deno', 'deno')
# add a member to the team
team = tools.create_organization_team(organization, "test team")
tools.add_user_to_team(team, user_deno)
project = Project.objects.create(name="Test Project",
organization=organization,
created_by=user_deno,
metadata='{}')
# confirm that the team has no permissions
self.assertFalse(team.groupobjectpermission_set.all())
# set DataEntryRole role of project on team
DataEntryRole.add(team, project)
content_type = ContentType.objects.get(
model=project.__class__.__name__.lower(),
app_label=project.__class__._meta.app_label)
object_permissions = team.groupobjectpermission_set.filter(
object_pk=project.pk, content_type=content_type)
permission_names = sorted(
[p.permission.codename for p in object_permissions])
self.assertEqual([
CAN_EXPORT_PROJECT, CAN_ADD_SUBMISSIONS_PROJECT, CAN_VIEW_PROJECT
], permission_names)
self.assertEqual(get_team_project_default_permissions(team, project),
DataEntryRole.name)
# Add a new user
user_sam = self._create_user('Sam', 'sammy_')
self.assertFalse(user_sam.has_perm(CAN_VIEW_PROJECT, project))
self.assertFalse(user_sam.has_perm(CAN_ADD_XFORM, project))
# Add the user to the group
tools.add_user_to_team(team, user_sam)
# assert that team member has default perm set on team
self.assertTrue(user_sam.has_perm(CAN_VIEW_PROJECT, project))
# assert that removing team member revokes perms
tools.remove_user_from_team(team, user_sam)
self.assertFalse(user_sam.has_perm(CAN_VIEW_PROJECT, project))
self.assertFalse(user_sam.has_perm(CAN_ADD_XFORM, project))
def _set_organization_role_to_user(organization, user, role):
role_cls = ROLES.get(role)
role_cls.add(user, organization)
owners_team = get_organization_owners_team(organization)
# add the owner to owners team
if role == OwnerRole.name:
add_user_to_team(owners_team, user)
# add user to org projects
for project in organization.user.project_org.all():
ShareProject(project, user.username, role).save()
if role != OwnerRole.name:
remove_user_from_team(owners_team, user)
def test_team_share_members(self):
self._team_create()
project = Project.objects.create(name="Test Project",
organization=self.team.organization,
created_by=self.user,
metadata='{}')
view = TeamViewSet.as_view({
'get': 'list',
'post': 'share'})
get_data = {'org': 'denoinc'}
request = self.factory.get('/', data=get_data, **self.extra)
response = view(request)
# get the members team
self.assertEquals(response.data[1].get('name'), 'members')
teamid = response.data[1].get('teamid')
chuck_data = {'username': '******', 'email': '*****@*****.**'}
chuck_profile = self._create_user_profile(chuck_data)
user_chuck = chuck_profile.user
self.team = Team.objects.get(pk=teamid)
tools.add_user_to_team(self.team, user_chuck)
self.assertFalse(EditorRole.user_has_role(user_chuck,
project))
post_data = {'role': EditorRole.name,
'project': project.pk,
'remove': False,
'org': 'denoinc'}
request = self.factory.post(
'/', data=post_data, **self.extra)
response = view(request, pk=self.team.pk)
self.assertEqual(response.status_code, 204)
self.assertTrue(EditorRole.user_has_role(user_chuck, project))
view = ProjectViewSet.as_view({
'get': 'retrieve'
})
request = self.factory.get('/', **self.extra)
response = view(request, pk=project.pk)
self.assertNotEqual(response.get('Cache-Control'), None)
self.assertEqual(response.status_code, 200)
self.assertEqual(len(response.data.get('users')), 2)
def test_team_share_members(self):
self._team_create()
project = Project.objects.create(name="Test Project",
organization=self.team.organization,
created_by=self.user,
metadata='{}')
view = TeamViewSet.as_view({
'get': 'list',
'post': 'share'})
get_data = {'org': 'denoinc'}
request = self.factory.get('/', data=get_data, **self.extra)
response = view(request)
# get the members team
self.assertEquals(response.data[1].get('name'), 'members')
teamid = response.data[1].get('teamid')
chuck_data = {'username': '******', 'email': '*****@*****.**'}
chuck_profile = self._create_user_profile(chuck_data)
user_chuck = chuck_profile.user
self.team = Team.objects.get(pk=teamid)
tools.add_user_to_team(self.team, user_chuck)
self.assertFalse(EditorRole.user_has_role(user_chuck,
project))
post_data = {'role': EditorRole.name,
'project': project.pk,
'remove': False,
'org': 'denoinc'}
request = self.factory.post(
'/', data=post_data, **self.extra)
response = view(request, pk=self.team.pk)
self.assertEqual(response.status_code, 204)
self.assertTrue(EditorRole.user_has_role(user_chuck, project))
view = ProjectViewSet.as_view({
'get': 'retrieve'
})
request = self.factory.get('/', **self.extra)
response = view(request, pk=project.pk)
self.assertNotEqual(response.get('Cache-Control'), None)
self.assertEqual(response.status_code, 200)
self.assertEqual(len(response.data.get('users')), 2)
def test_add_project_perms_to_team(self):
# create an org, user, team
organization = self._create_organization("test org", self.user)
user_deno = self._create_user("deno", "deno")
# add a member to the team
team = tools.create_organization_team(organization, "test team")
tools.add_user_to_team(team, user_deno)
project = Project.objects.create(
name="Test Project", organization=organization, created_by=user_deno, metadata="{}"
)
# confirm that the team has no permissions
self.assertFalse(team.groupobjectpermission_set.all())
# set DataEntryRole role of project on team
DataEntryRole.add(team, project)
content_type = ContentType.objects.get(
model=project.__class__.__name__.lower(), app_label=project.__class__._meta.app_label
)
object_permissions = team.groupobjectpermission_set.filter(object_pk=project.pk, content_type=content_type)
permission_names = sorted([p.permission.codename for p in object_permissions])
self.assertEqual([CAN_EXPORT_PROJECT, CAN_ADD_SUBMISSIONS_PROJECT, CAN_VIEW_PROJECT], permission_names)
self.assertEqual(get_team_project_default_permissions(team, project), DataEntryRole.name)
# Add a new user
user_sam = self._create_user("Sam", "sammy_")
self.assertFalse(user_sam.has_perm(CAN_VIEW_PROJECT, project))
self.assertFalse(user_sam.has_perm(CAN_ADD_XFORM, project))
# Add the user to the group
tools.add_user_to_team(team, user_sam)
# assert that team member has default perm set on team
self.assertTrue(user_sam.has_perm(CAN_VIEW_PROJECT, project))
# assert that removing team member revokes perms
tools.remove_user_from_team(team, user_sam)
self.assertFalse(user_sam.has_perm(CAN_VIEW_PROJECT, project))
self.assertFalse(user_sam.has_perm(CAN_ADD_XFORM, project))
def _check_set_role(request, organization, username, required=False):
"""
Confirms the role and assigns the role to the organization
"""
role = request.data.get('role')
role_cls = ROLES.get(role)
if not role or not role_cls:
if required:
message = (_(u"'%s' is not a valid role." %
role) if role else _(u"This field is required."))
else:
message = _(u"'%s' is not a valid role." % role)
return status.HTTP_400_BAD_REQUEST, {'role': [message]}
else:
data, status_code = _update_username_role(organization, username,
role_cls)
if status_code not in [status.HTTP_200_OK, status.HTTP_201_CREATED]:
return (status_code, data)
owners_team = get_organization_owners_team(organization)
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
data = {
'username': [
_(u"User `%(username)s` does not exist." %
{'username': username})
]
}
return (status.HTTP_400_BAD_REQUEST, data)
# add the owner to owners team
if role == OwnerRole.name:
add_user_to_team(owners_team, user)
if role != OwnerRole.name:
remove_user_from_team(owners_team, user)
return (status.HTTP_200_OK, []) if request.method == 'PUT' \
else (status.HTTP_201_CREATED, [])
def test_add_project_perms_to_team(self):
# create an org, user, team
organization = self._create_organization("test org", self.user)
user_deno = self._create_user('deno', 'deno')
# add a member to the team
team = tools.create_organization_team(organization, "test team")
tools.add_user_to_team(team, user_deno)
project = Project.objects.create(name="Test Project",
organization=organization,
created_by=user_deno,
metadata='{}')
# confirm that the team has no permissions on project
self.assertFalse(get_perms(team, project))
# set DataEntryRole role of project on team
DataEntryRole.add(team, project)
self.assertEqual([
CAN_EXPORT_PROJECT, CAN_ADD_SUBMISSIONS_PROJECT, CAN_VIEW_PROJECT,
CAN_VIEW_PROJECT_ALL, CAN_VIEW_PROJECT_DATA
], sorted(get_perms(team, project)))
self.assertEqual(get_team_project_default_permissions(team, project),
DataEntryRole.name)
# Add a new user
user_sam = self._create_user('Sam', 'sammy_')
self.assertFalse(user_sam.has_perm(CAN_VIEW_PROJECT, project))
self.assertFalse(user_sam.has_perm(CAN_ADD_XFORM, project))
# Add the user to the group
tools.add_user_to_team(team, user_sam)
# assert that team member has default perm set on team
self.assertTrue(user_sam.has_perm(CAN_VIEW_PROJECT, project))
# assert that removing team member revokes perms
tools.remove_user_from_team(team, user_sam)
self.assertFalse(user_sam.has_perm(CAN_VIEW_PROJECT, project))
self.assertFalse(user_sam.has_perm(CAN_ADD_XFORM, project))
def test_add_project_perms_to_team(self):
# create an org, user, team
organization = self._create_organization("test org", self.user)
user_deno = self._create_user('deno', 'deno')
# add a member to the team
team = tools.create_organization_team(organization, "test team")
tools.add_user_to_team(team, user_deno)
project = Project.objects.create(name="Test Project",
organization=organization,
created_by=user_deno,
metadata='{}')
# confirm that the team has no permissions on project
self.assertFalse(get_perms(team, project))
# set DataEntryRole role of project on team
DataEntryRole.add(team, project)
self.assertEqual([CAN_EXPORT_PROJECT, CAN_ADD_SUBMISSIONS_PROJECT,
CAN_VIEW_PROJECT, CAN_VIEW_PROJECT_ALL,
CAN_VIEW_PROJECT_DATA],
sorted(get_perms(team, project)))
self.assertEqual(get_team_project_default_permissions(team, project),
DataEntryRole.name)
# Add a new user
user_sam = self._create_user('Sam', 'sammy_')
self.assertFalse(user_sam.has_perm(CAN_VIEW_PROJECT, project))
self.assertFalse(user_sam.has_perm(CAN_ADD_XFORM, project))
# Add the user to the group
tools.add_user_to_team(team, user_sam)
# assert that team member has default perm set on team
self.assertTrue(user_sam.has_perm(CAN_VIEW_PROJECT, project))
# assert that removing team member revokes perms
tools.remove_user_from_team(team, user_sam)
self.assertFalse(user_sam.has_perm(CAN_VIEW_PROJECT, project))
self.assertFalse(user_sam.has_perm(CAN_ADD_XFORM, project))
def _check_set_role(request, organization, username, required=False):
"""
Confirms the role and assigns the role to the organization
"""
role = request.DATA.get('role')
role_cls = ROLES.get(role)
if not role or not role_cls:
if required:
message = (_(u"'%s' is not a valid role." % role) if role
else _(u"This field is required."))
else:
message = _(u"'%s' is not a valid role." % role)
return status.HTTP_400_BAD_REQUEST, {'role': [message]}
else:
_update_username_role(organization, username, role_cls)
owners_team = get_organization_owners_team(organization)
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
data = {'username': [_(u"User `%(username)s` does not exist."
% {'username': username})]}
return (status.HTTP_400_BAD_REQUEST, data)
# add the owner to owners team
if role == OwnerRole.name:
add_user_to_team(owners_team, user)
if role != OwnerRole.name:
remove_user_from_team(owners_team, user)
return (status.HTTP_200_OK, []) if request.method == 'PUT' \
else (status.HTTP_201_CREATED, [])
def test_remove_team_from_project(self):
self._team_create()
project = Project.objects.create(name="Test Project",
organization=self.team.organization,
created_by=self.user,
metadata='{}')
chuck_data = {'username': '******', 'email': '*****@*****.**'}
chuck_profile = self._create_user_profile(chuck_data)
user_chuck = chuck_profile.user
tools.add_user_to_team(self.team, user_chuck)
view = TeamViewSet.as_view({
'post': 'share'})
self.assertFalse(EditorRole.user_has_role(user_chuck,
project))
data = {'role': EditorRole.name,
'project': project.pk}
request = self.factory.post(
'/', data=json.dumps(data),
content_type="application/json", **self.extra)
response = view(request, pk=self.team.pk)
self.assertEqual(response.status_code, 204)
self.assertTrue(EditorRole.user_has_role(user_chuck, project))
data = {'role': EditorRole.name,
'project': project.pk,
'remove': True}
request = self.factory.post(
'/', data=json.dumps(data),
content_type="application/json", **self.extra)
response = view(request, pk=self.team.pk)
self.assertEqual(response.status_code, 204)
self.assertFalse(EditorRole.user_has_role(user_chuck, project))
