コード例 #1
ファイル: service.py プロジェクト: dev1ender/LXMI_assginment
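def assign_user_role(instance):
    """Make the roles held by ``instance`` match ``instance.role``.

    If the currently held role differs from ``instance.role`` it is removed,
    then ``instance.role`` is assigned.
    """
    # Fix: the original passed the undefined name ``intance`` here and to
    # remove_role(), so every call raised NameError before any role changed.
    role = get_user_roles(instance)
    if role:
        # NOTE(review): get_user_roles() presumably returns a collection while
        # instance.role looks like a single value -- confirm this comparison
        # and the remove_role() argument are what is intended.
        if role != instance.role:
            remove_role(instance, role)

    assign_role(instance, instance.role)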
コード例 #2
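def removerole(name, role):
    """Demote the user called ``name`` from ``role`` to the "public" role.

    The user's name is removed from the JSON ``auth`` list of every
    non-superuser holding the counterpart role (doctors for a patient,
    patients for a doctor). The user's own USERMODEL record is then reset
    (empty ``auth`` list, type "Public", ``legit_doctor`` 0) and the role is
    swapped for "public".

    Prints a message and returns without changing anything when the user
    does not exist, does not hold ``role`` (superusers skip that check), or
    ``role`` is neither "patient" nor "doctor".
    """
    try:
        q = User.objects.get(username=name)
    except User.DoesNotExist:
        # Narrowed from a bare ``except:`` so database or programming errors
        # are no longer reported as "no such user".
        print("No such user exists")
        return

    if not has_role(q, role) and not q.is_superuser:
        print("No such user of that role exists")
        return

    # Fix: any other role left ``search`` unbound and crashed inside the loop.
    # Refuse up front instead, before any record is touched.
    search = {"patient": "doctor", "doctor": "patient"}.get(role)
    if search is None:
        print("Unsupported role")
        return

    # Revoke the access this user was granted on every counterpart's record.
    for each in User.objects.all():
        if has_role(each, search) and not each.is_superuser:
            p = USERMODEL.objects.get(name=each.username)
            if p.auth is not None:
                k = json.loads(p.auth)
                if name in k:
                    k.remove(name)
                    p.auth = json.dumps(k)
                    p.save()

    # Reset the demoted user's own record, then swap the role.
    p = USERMODEL.objects.get(name=name)
    p.auth = json.dumps([])
    p.type = "Public"
    p.legit_doctor = 0
    p.save()
    remove_role(q, role)
    assign_role(q, "public")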
コード例 #3
def test_only_role_lead_can_change_password(resp_lead_change_pasword, django_user_model, client):
    """After 'lead' is swapped for 'member', the lead change-password view answers with a 302."""
    first_user = django_user_model.objects.first()
    # Swap the role so the account no longer holds 'lead'.
    # NOTE(review): presumably the fixtures log ``client`` in as this user -- confirm.
    assign_role(first_user, 'member')
    remove_role(first_user, 'lead')

    change_password_url = reverse('core:lead_change_password')
    resp = client.get(change_password_url)
    assert resp.status_code == 302
コード例 #4
    def test_remove_role_from_user_with_multiple_roles(self):
        """remove_role() must drop only the named role and leave the user's other roles in place."""
        for granted in (self.Doctor, self.Surgeon, self.Anesthesiologist):
            assign_role(self.user, granted)

        remove_role(self.user, self.Doctor)

        # Only Doctor may be gone; the two other roles must survive.
        remaining = get_user_roles(self.user)
        self.assertListEqual([self.Anesthesiologist, self.Surgeon], remaining)
コード例 #5
    def test_remove_role_from_user_with_multiple_roles(self):
        """Removing one of several roles must not strip the roles that were not named."""
        user = self.user
        assign_role(user, self.Doctor)
        assign_role(user, self.Surgeon)
        assign_role(user, self.Anesthesiologist)

        remove_role(user, self.Doctor)

        expected_roles = [self.Anesthesiologist, self.Surgeon]
        self.assertListEqual(expected_roles, get_user_roles(self.user))
コード例 #6
 def handle(self, *args, **options):
     """Remove ``options['role']`` from the user named ``options['username']``.

     Does nothing when either option is empty; otherwise prints the outcome.
     """
     username, role = options['username'], options['role']
     if not (username and role):
         return
     try:
         target = User.objects.get(username=username)
         remove_role(target, role)
         print('success')
     except User.DoesNotExist:
         print('user does not found')
コード例 #7
def promote_to_member(user: User, source: str) -> None:
    """
    Promote a user to member and record the promotion as a UserInteraction.

    :param user: account that gains 'member' and loses 'lead' and 'client'
    :param source: stored on the BECOME_MEMBER interaction record
    :raises UserRoleException: if the user already holds the 'member' role
    """
    if has_role(user, 'member'):
        raise UserRoleException('User is already a member')
    interaction = UserInteraction(category=UserInteraction.BECOME_MEMBER, source=source, user=user)
    interaction.save()
    assign_role(user, 'member')
    # The lower-tier roles are superseded by membership.
    for superseded in ('lead', 'client'):
        remove_role(user, superseded)
コード例 #8
def promote_to_client(user: User) -> None:
    """
    Promote a lead to client.

    :param user: account that gains 'client' and loses 'lead'
    :raises UserRoleException: if the user is already a member or a client
    """
    blocking = (
        ('member', 'User is already a member'),
        ('client', 'User is already a client'),
    )
    for held, message in blocking:
        if has_role(user, held):
            raise UserRoleException(message)
    assign_role(user, 'client')
    remove_role(user, 'lead')
コード例 #9
def role_assign(request, user_id):
    """Grant (POST) or revoke (DELETE) the 'judge' role for the user with primary key ``user_id``.

    Callers that are not superusers get 403 and an unknown ``user_id`` gives 404.
    Any other HTTP method reaching this function changes nothing and still returns 200.
    """
    # Authorisation comes first so non-superusers learn nothing about which ids exist.
    if not request.user.is_superuser:
        return Response(status=status.HTTP_403_FORBIDDEN)
    user_model = get_user_model()
    try:
        target = user_model.objects.get(pk=user_id)
    except user_model.DoesNotExist:
        return Response(status=status.HTTP_404_NOT_FOUND)
    change = {'POST': assign_role, 'DELETE': remove_role}.get(request.method)
    if change is not None:
        change(target, 'judge')
    return Response(status=status.HTTP_200_OK)
コード例 #10
def promote_to_webdev(user: User, source: str) -> None:
    """
    Promote a user to webdev and record the promotion as a UserInteraction.

    :param user: account that gains 'webdev' and loses 'lead' and 'client'
    :param source: stored on the BECOME_WEBDEV interaction record
    :raises UserRoleException: if the user is already a member, bootcamper or webdev
    """
    blocking = (
        ('member', 'User is already a member'),
        ('bootcamper', 'User is already a bootcamper'),
        ('webdev', 'User is already a webdev'),
    )
    for held, message in blocking:
        if has_role(user, held):
            raise UserRoleException(message)
    interaction = UserInteraction(category=UserInteraction.BECOME_WEBDEV, source=source, user=user)
    interaction.save()
    assign_role(user, 'webdev')
    for superseded in ('lead', 'client'):
        remove_role(user, superseded)
コード例 #11
ファイル: signals.py プロジェクト: mitodl/micromasters
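def delete_remove_role_from_user(sender, instance, **kwargs):  # pylint: disable=unused-argument
    """
    Signal handler that runs after a role removal is done.

    The role is removed from the user only if no other Role entry with the
    same role value remains.
    """
    # This runs AFTER the delete, so the deleted entry is no longer counted:
    # any remaining match means the role is still in use.
    # NOTE(review): the query matches on role only, not on instance.user, so an
    # entry belonging to a different user would also keep this user's role in
    # place -- confirm whether the filter should be scoped to the user.
    if Role.objects.filter(role=instance.role).exists():
        return

    # Fix: the original format string had '% for', which parses as a float
    # conversion and made this message fail to format when debug logging was on.
    log.debug(
        'removing role %s for user %s',
        instance.role,
        instance.user.username,
    )
    remove_role(instance.user, instance.role)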
コード例 #12
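def delete_remove_role_from_user(sender, instance, **kwargs):  # pylint: disable=unused-argument
    """
    Signal handler that runs after a role removal is done.

    The role is taken away from the user unless another Role entry with the
    same role value still exists.
    """
    # The handler fires AFTER the delete, so the deleted entry itself is gone
    # from the table; one or more remaining matches mean the role is still needed.
    # NOTE(review): the lookup is not restricted to instance.user. If entries
    # of other users can match, this user keeps a role that should have been
    # revoked -- verify against the Role model.
    still_referenced = Role.objects.filter(role=instance.role).count() > 0
    if still_referenced:
        return

    # Fix: '% for' in the original message is read as a float conversion, so
    # the record could not be formatted; both placeholders are now '%s'.
    log.debug(
        'removing role %s for user %s',
        instance.role,
        instance.user.username,
    )
    remove_role(instance.user, instance.role)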
コード例 #13
ファイル: views.py プロジェクト: xolir/DTAS
def save_role_change(request):
    """Toggle each selected user between 'Voter' and 'Candidate', then clear the pending request flag.

    User ids come from the POST field ``user``. Users whose ``role`` is neither
    value only have ``request_role_change`` reset. Redirects to 'polls:changerole'.
    """
    # NOTE(review): no permission check is visible in this function; confirm
    # that access is restricted outside it (decorator, URL config), because the
    # ids to change are taken from the request as submitted.
    # Every selected user is loaded before anything is modified, so a
    # non-numeric or unknown id raises before any role has been changed.
    selected = [User.objects.get(id=int(raw_id)) for raw_id in request.POST.getlist('user')]
    for account in selected:
        current = account.role
        if current == 'Voter':
            remove_role(account, 'voter')
            assign_role(account, 'candidate')
            account.role = 'Candidate'
        elif current == 'Candidate':
            remove_role(account, 'candidate')
            assign_role(account, 'voter')
            account.role = 'Voter'
        account.request_role_change = False
        account.save()
    return HttpResponseRedirect(reverse('polls:changerole'))
コード例 #14
    def test_remove_role_reinstates_permissions_correctly_scenario_2(self):
        """
        Start with the roles Doctor and Surgeon, then remove Doctor.

        Expected resulting permission:
            enter_surgery_room = True
            operate = True
        """
        for granted in (self.Doctor, self.Surgeon):
            assign_role(self.user, granted)

        remove_role(self.user, self.Doctor)

        # Both permissions must still be held after Doctor is removed.
        for permission in (self.enter_surgery_room, self.operate):
            self.assertTrue(has_permission(self.user, permission))
コード例 #15
    def test_remove_role_reinstates_permissions_correctly_scenario_2(self):
        """
        Roles before: Doctor, Surgeon. Action: remove the Doctor role.

        Expected resulting permission:
            enter_surgery_room = True
            operate = True
        """
        user = self.user
        assign_role(user, self.Doctor)
        assign_role(user, self.Surgeon)

        remove_role(user, self.Doctor)

        can_enter = has_permission(self.user, self.enter_surgery_room)
        self.assertTrue(can_enter)
        can_operate = has_permission(self.user, self.operate)
        self.assertTrue(can_operate)
コード例 #16
    def save_related(self, request, form, formsets, change):
        """Bring the user's roles in line with the groups saved from the admin form.

        Roles held before the save whose group is now missing are removed through
        ``roles.remove_role``; groups that are new are passed to ``roles.assign_role``,
        and names that are not roles are ignored.
        """
        user = UserModel.objects.get(pk=form.instance.pk)
        roles_before = {role.get_name() for role in roles.get_user_roles(user)}
        super(RolePermissionsUserAdminMixin, self).save_related(request, form, formsets, change)

        groups_after = {group.name for group in user.groups.all()}

        # Roles whose group was removed on the form.
        dropped = roles_before - groups_after
        for role_name in dropped:
            # Put the just-removed group back so that rolepermissions does the removal itself.
            try:
                user.groups.add(Group.objects.get(name=role_name))
            except Group.DoesNotExist:
                pass
            roles.remove_role(user, role_name)

        # Groups added on the form; only those that name a role take effect.
        added = groups_after - roles_before
        for group_name in added:
            try:
                roles.assign_role(user, group_name)
            except roles.RoleDoesNotExist:
                pass
コード例 #17
ファイル: admin.py プロジェクト: vuhaininh/BTQN
    def save_related(self, request, form, formsets, change):
        """Synchronise the user's roles with the group membership saved by the admin form.

        A role whose group disappeared in the save is removed via ``roles.remove_role``.
        A newly added group is handed to ``roles.assign_role``, which is skipped
        silently when the name is not a role.
        """
        user = UserModel.objects.get(pk=form.instance.pk)
        previous_roles = {r.get_name() for r in roles.get_user_roles(user)}
        super(UserAdmin, self).save_related(request, form, formsets, change)

        current_groups = {g.name for g in user.groups.all()}

        removed_roles = previous_roles - current_groups
        for role_name in removed_roles:
            # Re-add the group that was just removed and let rolepermissions remove it.
            try:
                restored = Group.objects.get(name=role_name)
                user.groups.add(restored)
            except Group.DoesNotExist:
                pass
            roles.remove_role(user, role_name)

        candidate_roles = current_groups - previous_roles
        for group_name in candidate_roles:
            # A new group becomes a role only when a role of that name exists.
            try:
                roles.assign_role(user, group_name)
            except roles.RoleDoesNotExist:
                pass
コード例 #18
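def remove(request):
    """Demote the user named in the query string from the given role to "public".

    Reads ``name`` and ``role`` from the GET parameters. The user's name is
    removed from the JSON ``auth`` list of every non-superuser holding the
    counterpart role (doctors for a patient, patients for a doctor), the
    user's own USERMODEL record is reset and the role is swapped for "public".

    Redirects to /home in every GET case, including the no-op cases (unknown
    user, user without the role, role other than "patient"/"doctor").
    Non-GET requests get HttpResponseForbidden.
    """
    # NOTE(review): this view changes roles and records on a GET request, and
    # no login or permission check is visible in the function. If none is
    # applied outside it (decorator, middleware), require an authenticated,
    # authorised caller and move the change to POST with CSRF protection.
    if request.method != 'GET':
        return HttpResponseForbidden()

    name = request.GET.get('name')
    role = request.GET.get('role')

    try:
        q = User.objects.get(username=name)
    except User.DoesNotExist:
        # Narrowed from a bare ``except:`` so unrelated errors are no longer
        # reported as a missing user.
        print("No such user exists")
        return HttpResponseRedirect('/home')

    if not has_role(q, role) and not q.is_superuser:
        print("No such user of that role exists")
        return HttpResponseRedirect('/home')

    # Fix: any other role left ``search`` unbound and crashed inside the loop.
    # Refuse up front instead, before any record is touched.
    search = {"patient": "doctor", "doctor": "patient"}.get(role)
    if search is None:
        print("Unsupported role")
        return HttpResponseRedirect('/home')

    # Revoke the access this user was granted on every counterpart's record.
    for each in User.objects.all():
        if has_role(each, search) and not each.is_superuser:
            p = USERMODEL.objects.get(name=each.username)
            if p.auth is not None:
                k = json.loads(p.auth)
                if name in k:
                    k.remove(name)
                    p.auth = json.dumps(k)
                    p.save()

    # Reset the demoted user's own record, then swap the role.
    p = USERMODEL.objects.get(name=name)
    p.auth = json.dumps([])
    p.type = "Public"
    p.legit_doctor = 0
    p.save()
    remove_role(q, role)
    assign_role(q, "public")
    return HttpResponseRedirect('/home')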
コード例 #19
    def test_remove_role_reinstates_permissions_correctly_scenario_5(self):
        """
        Start with the roles Doctor and Surgeon, grant the permission
        ``operate`` directly, then remove the Surgeon role.

        Expected resulting permission:
            enter_surgery_room = False
            operate = True
        """
        for granted in (self.Doctor, self.Surgeon):
            assign_role(self.user, granted)

        grant_permission(self.user, self.operate)
        remove_role(self.user, self.Surgeon)

        # NOTE(review): the docstring expects operate = True, yet the second
        # assertion requires it to be False -- confirm which one is intended.
        for permission in (self.enter_surgery_room, self.operate):
            self.assertFalse(has_permission(self.user, permission))
コード例 #20
    def test_remove_role_reinstates_permissions_correctly_scenario_5(self):
        """
        Roles before: Doctor, Surgeon. Actions: grant ``operate`` directly,
        then remove the Surgeon role.

        Expected resulting permission:
            enter_surgery_room = False
            operate = True
        """
        user = self.user
        assign_role(user, self.Doctor)
        assign_role(user, self.Surgeon)

        grant_permission(user, self.operate)
        remove_role(user, self.Surgeon)

        can_enter = has_permission(self.user, self.enter_surgery_room)
        self.assertFalse(can_enter)
        # NOTE(review): this asserts operate is False although the docstring
        # lists operate = True as the expected result -- verify the intent.
        can_operate = has_permission(self.user, self.operate)
        self.assertFalse(can_operate)
コード例 #21
ファイル: signals.py プロジェクト: mitodl/micromasters
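def save_remove_role_from_user(sender, instance, **kwargs):  # pylint: disable=unused-argument
    """
    Signal handler that runs before a role assignment is saved.

    If the save is a modification of an existing entry, the previous role is
    removed from the user unless another Role entry still carries it.

    Theoretically this is not necessary with the current implementation of the
    django-role-permission library.
    """
    try:
        old_instance = Role.objects.get(pk=instance.pk)
    except Role.DoesNotExist:
        # Nothing stored yet: this is a creation, so there is no previous role.
        return
    # This runs BEFORE the save, so one matching entry is the stored value
    # itself; more than one means the old role is still in use elsewhere.
    # NOTE(review): the query matches on role only, not on the user, so an
    # entry belonging to a different user would also keep the old role in
    # place -- confirm whether the filter should be scoped to the user.
    if Role.objects.filter(role=old_instance.role).count() > 1:
        return

    # Fixes: '% for' parsed as a float conversion and broke formatting, and the
    # message named instance.role although old_instance.role is what is removed.
    log.debug(
        'removing role %s for user %s',
        old_instance.role,
        instance.user.username,
    )
    remove_role(instance.user, old_instance.role)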
コード例 #22
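def edit_roles(request):
    """Assign a role to, or remove a role from, the user named by ``request.data['user_id']``.

    Expects ``user_id``, ``action`` ('assign' or 'remove') and ``role`` in the
    request data. Returns 404 when the user is unknown, 403 when the target is
    an owner or is a moderator and the caller is not an owner, and 404 for an
    unrecognised action.
    """
    # Removed: a leftover debug loop that walked every user and printed a
    # comparison with the submitted id on each request.
    target_query = User.objects.filter(username=request.data['user_id'])
    if not target_query.exists():
        return Response('User not found', status=status.HTTP_404_NOT_FOUND)
    target = target_query[0]
    action = request.data['action']
    role = request.data['role']

    # Check if the user is allowed to edit the role of the target.
    # NOTE(review): this looks only at the target's roles (and at the caller's
    # owner role when the target is a moderator), and ``role`` is not checked
    # against a list of assignable roles. Unless callers are restricted outside
    # this function, confirm that the caller's own role is verified and that
    # privileged roles cannot be assigned here.
    if has_role(target, 'owner') or (has_role(target, 'moderator') and not has_role(request.user, 'owner')):
        return Response('Not allowed to change role of target user', status=status.HTTP_403_FORBIDDEN)

    if action == 'remove':
        remove_role(target, role)
    elif action == 'assign':
        assign_role(target, role)
    else:
        return Response('Invalid action', status=status.HTTP_404_NOT_FOUND)

    return Response('Success', status=status.HTTP_200_OK)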
コード例 #23
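def save_remove_role_from_user(sender, instance, **kwargs):  # pylint: disable=unused-argument
    """
    Signal handler that runs before a role assignment is saved.

    When an existing entry is being modified, its previous role is removed
    from the user, except when other Role entries still carry that role.

    Theoretically this is not necessary with the current implementation of the
    django-role-permission library.
    """
    try:
        old_instance = Role.objects.get(pk=instance.pk)
    except Role.DoesNotExist:
        # No stored entry means a creation; there is no previous role to remove.
        return
    # The handler fires BEFORE the save, so the stored entry still counts as
    # one match; only a count above one shows the old role is used elsewhere.
    # NOTE(review): the lookup is not restricted to instance.user. If entries
    # of other users can match, the old role is never revoked from this user
    # -- verify against the Role model.
    old_role_in_use = Role.objects.filter(role=old_instance.role).count() > 1
    if old_role_in_use:
        return

    # Fixes: both placeholders are now '%s' (the original '% for' is read as a
    # float conversion), and the logged role is the one that is really removed.
    log.debug(
        'removing role %s for user %s',
        old_instance.role,
        instance.user.username,
    )
    remove_role(instance.user, old_instance.role)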
コード例 #24
    def test_remove_role_reinstates_permissions_correctly_scenario_10(self):
        """
        Start with the roles Doctor, Surgeon and Anesthesiologist, revoke the
        permission ``enter_surgery_room``, then remove the Doctor role.

        Expected resulting permission:
            enter_surgery_room = False
            operate = True
        """
        for granted in (self.Doctor, self.Surgeon, self.Anesthesiologist):
            assign_role(self.user, granted)

        revoke_permission(self.user, self.enter_surgery_room)
        remove_role(self.user, self.Doctor)

        # Removing a role must not bring back the explicitly revoked permission.
        can_enter = has_permission(self.user, self.enter_surgery_room)
        self.assertFalse(can_enter)
        can_operate = has_permission(self.user, self.operate)
        self.assertTrue(can_operate)
コード例 #25
    def test_remove_role_reinstates_permissions_correctly_scenario_10(self):
        """
        Roles before: Doctor, Surgeon, Anesthesiologist. Actions: revoke
        ``enter_surgery_room``, then remove the Doctor role.

        Expected resulting permission:
            enter_surgery_room = False
            operate = True
        """
        user = self.user
        assign_role(user, self.Doctor)
        assign_role(user, self.Surgeon)
        assign_role(user, self.Anesthesiologist)

        revoke_permission(user, self.enter_surgery_room)
        remove_role(user, self.Doctor)

        # The revoked permission stays revoked; operate is still granted.
        self.assertFalse(has_permission(user, self.enter_surgery_room))
        self.assertTrue(has_permission(user, self.operate))
コード例 #26
    def test_remove_role_from_user(self):
        """Assigning and then removing the same role leaves the user with no roles."""
        user = self.user
        assign_role(user, self.Doctor)
        remove_role(user, self.Doctor)

        roles_left = get_user_roles(user)
        self.assertListEqual([], roles_left)
コード例 #27
    def test_remove_role_user_isnt_assigned_to(self):
        """Removing a role the user never held completes and leaves the role list empty."""
        user = self.user
        remove_role(user, self.Doctor)

        roles_left = get_user_roles(user)
        self.assertListEqual([], roles_left)
コード例 #28
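def create_access(request):
    """Exchange a Discord OAuth2 authorization code for this API's access token.

    Steps: trade ``request.data['code']`` for a Discord access token, fetch the
    caller's guilds and identity, require at least one guild shared with the
    bot, create the local user on first login, refresh the cached guild list
    and the 'owner' role, then issue a fresh Token.

    Returns 400 when Discord rejects the code or the access token, 403 when no
    guild is shared with the bot, and 200 with the token key otherwise. A
    timeout or connection error raised by ``requests`` is not caught here.
    """
    # Fix: the Discord calls had no timeout, so a stalled endpoint could hold
    # the worker indefinitely. Seconds; constructed default, tune per deployment.
    timeout = 10

    # Get discord access token corresponding to the code by the auth.
    # NOTE(review): redirect_uri is forwarded exactly as the client sent it;
    # this presumably relies on Discord rejecting unregistered URIs -- confirm.
    data = {
        'client_id': config.client_id,
        'client_secret': config.client_secret,
        'grant_type': 'authorization_code',
        'code': request.data['code'],
        'redirect_uri': request.data['redirect_uri'],
        'scope': 'identify guilds'
    }
    headers = {
        'Content-Type': 'application/x-www-form-urlencoded'
    }
    response_access = requests.post(
        '%s/oauth2/token' % API_ENDPOINT, data=data, headers=headers, timeout=timeout
    )

    # Use the access token to get the guilds the user is part of
    if response_access.status_code != 200:
        return Response('Bad discord code', status=status.HTTP_400_BAD_REQUEST)

    headers = {
        "Authorization": ("Bearer " + str(response_access.json()['access_token']))
    }
    response_guilds = requests.get(
        '%s/users/@me/guilds' % API_ENDPOINT, headers=headers, timeout=timeout
    )

    if response_guilds.status_code != 200:
        return Response('Bad access token', status=status.HTTP_400_BAD_REQUEST)

    # A user is allowed a bot access token if he shares at least one guild with the bot.
    # A set makes each membership test constant-time.
    bot_guild_ids = {guild.id for guild in bot.guilds}
    shared_guilds = [
        {'id': guild['id'], 'name': guild['name']}
        for guild in response_guilds.json()
        if int(guild['id']) in bot_guild_ids
    ]

    if not shared_guilds:
        return Response('User does not share server with bot', status=status.HTTP_403_FORBIDDEN)

    response_user = requests.get(
        '%s/users/@me' % API_ENDPOINT, headers=headers, timeout=timeout
    )

    if response_user.status_code != 200:
        return Response('Bad access token', status=status.HTTP_400_BAD_REQUEST)

    user_id = response_user.json()['id']

    # check if user exists in database, creating one if necessary
    query = User.objects.filter(username=user_id)
    if not query.exists():
        user = User.objects.create_user(username=user_id)
        for role in default_roles:
            assign_role(user, role)
    else:
        user = query[0]

    # caches the current guilds of a user for a login - use a real caching mechanism if deployed at large scale
    user.profile.guilds.clear()

    for guild_dict in shared_guilds:
        # NOTE(review): [0] raises IndexError when the guild has no row in the
        # local table, after the cached list was already cleared -- confirm
        # every bot guild is guaranteed to be stored.
        guild = Guild.objects.filter(id=str(guild_dict['id']))[0]
        user.profile.guilds.add(guild)

    # Check if the owner role status of the user is up to date and edit it if necessary,
    # so a removal from config.bot_owners takes effect at the next login.
    is_specified_as_owner = user_id in config.bot_owners
    is_owner = has_role(user, "owner")
    if is_owner and not is_specified_as_owner:
        remove_role(user, 'owner')
    elif not is_owner and is_specified_as_owner:
        assign_role(user, 'owner')

    user.save()

    # update bot access token: tokens issued earlier for this user are deleted
    Token.objects.filter(user=user).delete()
    token = Token.objects.create(user=user)

    #  send back bot access token
    return Response(token.key, status=status.HTTP_200_OK)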
コード例 #29
    def test_remove_role_user_isnt_assigned_to(self):
        """remove_role() on a role the user does not hold must leave the user without roles."""
        remove_role(self.user, self.Doctor)

        expected_roles = []
        self.assertListEqual(expected_roles, get_user_roles(self.user))
コード例 #30
def _promote_client(user):
    """Swap the user's 'lead' role for 'client', then pass the user's first name and email to mailchimp_facade.create_or_update_client."""
    remove_role(user, 'lead')
    assign_role(user, 'client')
    first_name, email = user.first_name, user.email
    mailchimp_facade.create_or_update_client(first_name, email)
コード例 #31
    def test_remove_role_from_user(self):
        """A role that was assigned and then removed must no longer be reported for the user."""
        assign_role(self.user, self.Doctor)
        remove_role(self.user, self.Doctor)

        expected_roles = []
        self.assertListEqual(expected_roles, get_user_roles(self.user))