def delete(self, request, *args, **kwargs): """ Delete a group for a user in a repo """ # Get the user username = self.kwargs.get('username') user = User.objects.get(username=username) # Get the repo group type group_type = self.kwargs.get('group_type') repo_group_type = GroupTypes.get_repo_groupname_by_base(group_type) # Get the repo object repo = Repository.objects.get(slug=self.kwargs['repo_slug']) # if the group is administrators and this user is the last one # forbid to delete if (group_type == BaseGroupTypes.ADMINISTRATORS and is_last_admin_in_repo(user, repo)): return Response( data={ "detail": ("This is the last " "administrator of the repository") }, status=status.HTTP_400_BAD_REQUEST ) remove_user_from_repo_group(user, repo, repo_group_type) return Response(status=status.HTTP_204_NO_CONTENT)
def remove_all_users_from_repo(self): """ Helper method to remove all users from all repo groups. """ # Remove all the users from all the groups in the repo. for user_group in list_users_in_repo(self.repo): user = User.objects.get(username=user_group.username) group_type = GroupTypes.get_repo_groupname_by_base( user_group.group_type) remove_user_from_repo_group(user, self.repo, group_type)
def remove_all_users_from_repo(self): """ Helper method to remove all users from all repo groups. """ # Remove all the users from all the groups in the repo. for user_group in list_users_in_repo(self.repo): user = User.objects.get(username=user_group.username) group_type = GroupTypes.get_repo_groupname_by_base( user_group.group_type ) remove_user_from_repo_group(user, self.repo, group_type)
def test_upload_with_permissions(self): """GET upload page with different user permissions""" def check_user_no_permission(): """ Helper function to check that the user has no permission on the repo """ # user cannot see the repository page self.assert_status_code(self.repository_url_slug, UNAUTHORIZED) # and cannot see the import page self.assert_status_code(self.import_url_slug, UNAUTHORIZED) self.logout() self.login(self.USERNAME_NO_REPO) # user has no permissions at all check_user_no_permission() # user has author permissions assign_user_to_repo_group(self.user_norepo, self.repo, GroupTypes.REPO_AUTHOR) # user can see the repository page self.assert_status_code(self.repository_url_slug, HTTP_OK) # but cannot see the import for the repo self.assert_status_code(self.import_url_slug, UNAUTHORIZED) # user has no permissions remove_user_from_repo_group(self.user_norepo, self.repo, GroupTypes.REPO_AUTHOR) check_user_no_permission() # user has curator permissions assign_user_to_repo_group(self.user_norepo, self.repo, GroupTypes.REPO_CURATOR) # user can see the repository page self.assert_status_code(self.repository_url_slug, HTTP_OK) # and can see the the import for the repo self.assert_status_code(self.import_url_slug, HTTP_OK) # remove curator permissions remove_user_from_repo_group(self.user_norepo, self.repo, GroupTypes.REPO_CURATOR) check_user_no_permission() # user has admin permissions assign_user_to_repo_group(self.user_norepo, self.repo, GroupTypes.REPO_ADMINISTRATOR) # user can see the repository page self.assert_status_code(self.repository_url_slug, HTTP_OK) # and can see the the import for the repo self.assert_status_code(self.import_url_slug, HTTP_OK)
def test_remove_user_from_group(self): """ Test for api.remove_user_from_repo_group """ repo = Repository.objects.create( name=self.repo_name, description=self.repo_desc, created_by=self.user ) admin = Group.objects.get(name=self.group_admin) self.assertIn(self.user, admin.user_set.all()) api.remove_user_from_repo_group( self.user, repo, group_type=GroupTypes.REPO_ADMINISTRATOR ) self.assertNotIn(self.user, admin.user_set.all())
def test_listing_importcourse_perms(self): """ Tests the listing page with different user permissions to check who can see the import course html """ self.logout() self.login(self.USERNAME_NO_REPO) # user has no permissions at all self.assert_status_code(self.repository_url, UNAUTHORIZED) # user has author permissions and cannot see the import for the repo assign_user_to_repo_group(self.user_norepo, self.repo, GroupTypes.REPO_AUTHOR) body = self.assert_status_code(self.repository_url, HTTP_OK, return_body=True) self.assertFalse("Import Course</a>" in body) # user has no permissions remove_user_from_repo_group(self.user_norepo, self.repo, GroupTypes.REPO_AUTHOR) self.assert_status_code(self.repository_url, UNAUTHORIZED) # user has curator permissions and can see the the import for the repo assign_user_to_repo_group(self.user_norepo, self.repo, GroupTypes.REPO_CURATOR) body = self.assert_status_code(self.repository_url, HTTP_OK, return_body=True) self.assertTrue("Import Course</a>" in body) # user has no permissions remove_user_from_repo_group(self.user_norepo, self.repo, GroupTypes.REPO_CURATOR) self.assert_status_code(self.repository_url, UNAUTHORIZED) # user has admin permissions and can see the the import for the repo assign_user_to_repo_group(self.user_norepo, self.repo, GroupTypes.REPO_ADMINISTRATOR) body = self.assert_status_code(self.repository_url, HTTP_OK, return_body=True) self.assertTrue("Import Course</a>" in body)
def test_is_last_admin_in_repo(self): """ Test for is_last_admin_in_repo """ # By default the repo creator is also administrator self.assertTrue( api.is_last_admin_in_repo(self.user, self.repo) ) # Add another user to the administrators. api.assign_user_to_repo_group( self.user_norepo, self.repo, GroupTypes.REPO_ADMINISTRATOR ) self.assertFalse( api.is_last_admin_in_repo(self.user, self.repo) ) # Remove the first user from the administrators. api.remove_user_from_repo_group( self.user, self.repo, GroupTypes.REPO_ADMINISTRATOR ) # Add user to the curators. api.assign_user_to_repo_group( self.user, self.repo, GroupTypes.REPO_CURATOR ) # The user is not the last of the admins because he is not admin self.assertFalse( api.is_last_admin_in_repo(self.user, self.repo) ) # The other user is indeed the last admin self.assertTrue( api.is_last_admin_in_repo(self.user_norepo, self.repo) )
def test_upload_with_permissions(self): """GET upload page with different user permissions""" def check_user_no_permission(): """ Helper function to check that the user has no permission on the repo """ # user cannot see the repository page self.assert_status_code( self.repository_url_slug, UNAUTHORIZED ) # and cannot see the import page self.assert_status_code( self.import_url_slug, UNAUTHORIZED ) self.logout() self.login(self.USERNAME_NO_REPO) # user has no permissions at all check_user_no_permission() # user has author permissions assign_user_to_repo_group( self.user_norepo, self.repo, GroupTypes.REPO_AUTHOR ) # user can see the repository page self.assert_status_code( self.repository_url_slug, HTTP_OK ) # but cannot see the import for the repo self.assert_status_code( self.import_url_slug, UNAUTHORIZED ) # user has no permissions remove_user_from_repo_group( self.user_norepo, self.repo, GroupTypes.REPO_AUTHOR ) check_user_no_permission() # user has curator permissions assign_user_to_repo_group( self.user_norepo, self.repo, GroupTypes.REPO_CURATOR ) # user can see the repository page self.assert_status_code( self.repository_url_slug, HTTP_OK ) # and can see the the import for the repo self.assert_status_code( self.import_url_slug, HTTP_OK ) # remove curator permissions remove_user_from_repo_group( self.user_norepo, self.repo, GroupTypes.REPO_CURATOR ) check_user_no_permission() # user has admin permissions assign_user_to_repo_group( self.user_norepo, self.repo, GroupTypes.REPO_ADMINISTRATOR ) # user can see the repository page self.assert_status_code( self.repository_url_slug, HTTP_OK ) # and can see the the import for the repo self.assert_status_code( self.import_url_slug, HTTP_OK )
def test_list_users_in_repo_no_base_group_type_specified(self): """ Test for list_users_in_repo """ self.assertListEqual( api.list_users_in_repo(self.repo), [ UserGroup(self.user.username, BaseGroupTypes.ADMINISTRATORS) ] ) # Remove the user from the administrators. api.remove_user_from_repo_group( self.user, self.repo, GroupTypes.REPO_ADMINISTRATOR ) # No users in the repo. self.assertListEqual( api.list_users_in_repo(self.repo), [] ) # Add user to the curators. api.assign_user_to_repo_group( self.user, self.repo, GroupTypes.REPO_CURATOR ) self.assertListEqual( api.list_users_in_repo(self.repo), [ UserGroup(self.user.username, BaseGroupTypes.CURATORS) ] ) # Add user back to the administrators. api.assign_user_to_repo_group( self.user, self.repo, GroupTypes.REPO_ADMINISTRATOR ) self.assertListEqual( self.sort_user_group( api.list_users_in_repo(self.repo) ), self.sort_user_group( [ UserGroup( self.user.username, BaseGroupTypes.ADMINISTRATORS ), UserGroup( self.user.username, BaseGroupTypes.CURATORS ) ] ) ) # Add another user to the authors. api.assign_user_to_repo_group( self.user_norepo, self.repo, GroupTypes.REPO_AUTHOR ) self.assertListEqual( self.sort_user_group( api.list_users_in_repo(self.repo) ), self.sort_user_group( [ UserGroup( self.user.username, BaseGroupTypes.ADMINISTRATORS ), UserGroup( self.user.username, BaseGroupTypes.CURATORS ), UserGroup( self.user_norepo.username, BaseGroupTypes.AUTHORS ) ] ) ) # Adding again the same user in the same group # will not create multiple instances. api.assign_user_to_repo_group( self.user_norepo, self.repo, GroupTypes.REPO_AUTHOR ) self.assertListEqual( self.sort_user_group( api.list_users_in_repo(self.repo) ), self.sort_user_group( [ UserGroup( self.user.username, BaseGroupTypes.ADMINISTRATORS ), UserGroup( self.user.username, BaseGroupTypes.CURATORS ), UserGroup( self.user_norepo.username, BaseGroupTypes.AUTHORS ) ] ) )
def test_listing_importcourse_perms(self): """ Tests the listing page with different user permissions to check who can see the import course html """ self.logout() self.login(self.USERNAME_NO_REPO) # user has no permissions at all self.assert_status_code( self.repository_url, UNAUTHORIZED ) # user has author permissions and cannot see the import for the repo assign_user_to_repo_group( self.user_norepo, self.repo, GroupTypes.REPO_AUTHOR ) body = self.assert_status_code( self.repository_url, HTTP_OK, return_body=True ) self.assertFalse("Import Course</a>" in body) # user has no permissions remove_user_from_repo_group( self.user_norepo, self.repo, GroupTypes.REPO_AUTHOR ) self.assert_status_code( self.repository_url, UNAUTHORIZED ) # user has curator permissions and can see the the import for the repo assign_user_to_repo_group( self.user_norepo, self.repo, GroupTypes.REPO_CURATOR ) body = self.assert_status_code( self.repository_url, HTTP_OK, return_body=True ) self.assertTrue("Import Course</a>" in body) # user has no permissions remove_user_from_repo_group( self.user_norepo, self.repo, GroupTypes.REPO_CURATOR ) self.assert_status_code( self.repository_url, UNAUTHORIZED ) # user has admin permissions and can see the the import for the repo assign_user_to_repo_group( self.user_norepo, self.repo, GroupTypes.REPO_ADMINISTRATOR ) body = self.assert_status_code( self.repository_url, HTTP_OK, return_body=True ) self.assertTrue("Import Course</a>" in body)