def __remove_org_membership(org, user_id): is_user_an_owner: bool = False org_has_other_owners: bool = False user_membership: MembershipModel = None for member in MembershipModel.find_members_by_org_id(org.id): if member.user_id == user_id: user_membership = member if member.membership_type_code == ADMIN: is_user_an_owner = True elif member.membership_type_code == ADMIN: org_has_other_owners = True current_app.logger.info( f'Org :{org.name} --> User Owner : {is_user_an_owner},Has other owners :{org_has_other_owners}' ) if is_user_an_owner and not org_has_other_owners: current_app.logger.info('Affiliated entities : {}'.format( len(org.affiliated_entities))) if len(org.affiliated_entities) == 0: org.status_code = OrgStatus.INACTIVE.value org.flush() else: # Roll back the transaction as there could be situation where a change in one org # membership is flushed, but the next one fails. In this case roll back whole transaction org.rollback() raise BusinessException(Error.DELETE_FAILED_ONLY_OWNER, None) else: user_membership.status = Status.INACTIVE.value user_membership.flush()
def test_create_user_and_add_membership_admin_bulk_mode_multiple( session, auth_mock, keycloak_mock): # pylint:disable=unused-argument """Assert that an admin can add a group of members.""" org = factory_org_model(org_info=TestOrgInfo.org_anonymous) user = factory_user_model() factory_membership_model(user.id, org.id) claims = TestJwtClaims.get_test_real_user(user.keycloak_guid) membership = [ TestAnonymousMembership.generate_random_user(MEMBER), TestAnonymousMembership.generate_random_user(ADMIN) ] users = UserService.create_user_and_add_membership(membership, org.id, token_info=claims) assert len(users['users']) == 2 assert users['users'][0]['username'] == membership[0]['username'] assert users['users'][0]['type'] == 'ANONYMOUS' assert users['users'][1]['username'] == membership[1]['username'] assert users['users'][1]['type'] == 'ANONYMOUS' members = MembershipModel.find_members_by_org_id(org.id) # staff didnt create members..so count is count of owner+other 2 members assert len(members) == 3
def test_create_user_and_add_membership_admin_bulk_mode_multiple( session, auth_mock, keycloak_mock, monkeypatch): # pylint:disable=unused-argument """Assert that an admin can add a group of members.""" org = factory_org_model(org_info=TestOrgInfo.org_anonymous) user = factory_user_model() factory_membership_model(user.id, org.id) factory_product_model(org.id, product_code=ProductCode.DIR_SEARCH.value) claims = TestJwtClaims.get_test_real_user(user.keycloak_guid) membership = [ TestAnonymousMembership.generate_random_user(USER), TestAnonymousMembership.generate_random_user(COORDINATOR) ] patch_token_info(claims, monkeypatch) users = UserService.create_user_and_add_membership(membership, org.id) assert len(users['users']) == 2 assert users['users'][0][ 'username'] == IdpHint.BCROS.value + '/' + membership[0]['username'] assert users['users'][0]['type'] == Role.ANONYMOUS_USER.name assert users['users'][1][ 'username'] == IdpHint.BCROS.value + '/' + membership[1]['username'] assert users['users'][1]['type'] == Role.ANONYMOUS_USER.name members = MembershipModel.find_members_by_org_id(org.id) # staff didnt create members..so count is count of owner+other 2 members assert len(members) == 3
def test_create_user_and_add_transaction_membership_1(session, auth_mock, keycloak_mock): # pylint:disable=unused-argument """Assert transactions works fine.""" org = factory_org_model(org_info=TestOrgInfo.org_anonymous) membership = [TestAnonymousMembership.generate_random_user(ADMIN)] with patch('auth_api.models.User.flush', side_effect=Exception('mocked error')): users = UserService.create_user_and_add_membership(membership, org.id, single_mode=True) user_name = IdpHint.BCROS.value + '/' + membership[0]['username'] assert len(users['users']) == 1 assert users['users'][0]['username'] == membership[0]['username'] assert users['users'][0]['http_status'] == 500 assert users['users'][0]['error'] == 'Adding User Failed' # make sure no records are created user = UserModel.find_by_username(user_name) assert user is None user = UserModel.find_by_username(membership[0]['username']) assert user is None members = MembershipModel.find_members_by_org_id(org.id) # only one member should be there since its a STAFF created org assert len(members) == 0
def test_create_user_add_membership_reenable(session, auth_mock, keycloak_mock, monkeypatch): # pylint:disable=unused-argument """Assert that an admin can add a member.""" org = factory_org_model(org_info=TestOrgInfo.org_anonymous) user = factory_user_model() factory_membership_model(user.id, org.id) factory_product_model(org.id, product_code=ProductCode.DIR_SEARCH.value) claims = TestJwtClaims.get_test_real_user(user.keycloak_guid) patch_token_info(claims, monkeypatch) anon_member = TestAnonymousMembership.generate_random_user(USER) membership = [anon_member] users = UserService.create_user_and_add_membership(membership, org.id) user_name = IdpHint.BCROS.value + '/' + membership[0]['username'] assert len(users['users']) == 1 assert users['users'][0]['username'] == user_name assert users['users'][0]['type'] == Role.ANONYMOUS_USER.name members = MembershipModel.find_members_by_org_id(org.id) # staff didnt create members..so count is count of owner+other 1 member assert len(members) == 2 # assert cant be readded users = UserService.create_user_and_add_membership(membership, org.id) assert users['users'][0]['http_status'] == 409 assert users['users'][0]['error'] == 'The username is already taken' # deactivate everything and try again anon_user = UserModel.find_by_username(user_name) anon_user.status = Status.INACTIVE.value anon_user.save() membership_model = MembershipModel.find_membership_by_userid(anon_user.id) membership_model.status = Status.INACTIVE.value update_user_request = KeycloakUser() update_user_request.user_name = membership[0]['username'] update_user_request.enabled = False KeycloakService.update_user(update_user_request) org2 = factory_org_model(org_info=TestOrgInfo.org_anonymous_2, org_type_info={'code': 'BASIC'}, org_status_info=None, payment_type_info=None) factory_membership_model(user.id, org2.id) factory_product_model(org2.id, product_code=ProductCode.DIR_SEARCH.value) users = UserService.create_user_and_add_membership(membership, org2.id) assert users['users'][0]['http_status'] == 409 assert users['users'][0]['error'] == 'The username is already taken' # add to same org.Should work users = UserService.create_user_and_add_membership(membership, org.id) assert len(users['users']) == 1 assert users['users'][0][ 'username'] == IdpHint.BCROS.value + '/' + membership[0]['username'] assert users['users'][0]['type'] == Role.ANONYMOUS_USER.name
def test_create_user_and_add_membership_owner_skip_auth_mode(session, auth_mock, keycloak_mock): # pylint:disable=unused-argument """Assert that an owner can be added as anonymous.""" org = factory_org_model(org_info=TestOrgInfo.org_anonymous) membership = [TestAnonymousMembership.generate_random_user(ADMIN)] users = UserService.create_user_and_add_membership(membership, org.id, single_mode=True) assert len(users['users']) == 1 assert users['users'][0]['username'] == IdpHint.BCROS.value + '/' + membership[0]['username'] assert users['users'][0]['type'] == Role.ANONYMOUS_USER.name members = MembershipModel.find_members_by_org_id(org.id) # only one member should be there since its a STAFF created org assert len(members) == 1 assert members[0].membership_type_code == ADMIN
def delete_org(org_id): """Soft-Deletes an Org. Only admin can perform this. 1 - All businesses gets unaffiliated. 2 - All team members removed. 3 - If there is any credit on the account then cannot be deleted. Premium: 1 - If there is any active PAD transactions going on, then cannot be deleted. """ current_app.logger.debug(f'<Delete Org {org_id}') # Affiliation uses OrgService, adding as local import # pylint:disable=import-outside-toplevel, cyclic-import from auth_api.services.affiliation import Affiliation as AffiliationService check_auth(one_of_roles=(ADMIN, STAFF), org_id=org_id) org: OrgModel = OrgModel.find_by_org_id(org_id) if not org: raise BusinessException(Error.DATA_NOT_FOUND, None) if org.status_code not in (OrgStatus.ACTIVE.value, OrgStatus.PENDING_INVITE_ACCEPT.value): raise BusinessException(Error.NOT_ACTIVE_ACCOUNT, None) # Deactivate pay account Org._delete_pay_account(org_id) # Find all active affiliations and remove them. entities = AffiliationService.find_affiliations_by_org_id(org_id) for entity in entities: AffiliationService.delete_affiliation( org_id=org_id, business_identifier=entity['business_identifier'], reset_passcode=True) # Deactivate all members. members = MembershipModel.find_members_by_org_id(org_id) for member in members: member.status = Status.INACTIVE.value member.flush() user: UserModel = UserModel.find_by_id(member.user_id) # Remove user from keycloak group if they are not part of any orgs if len(MembershipModel.find_orgs_for_user(member.user_id)) == 0: KeycloakService.remove_from_account_holders_group( user.keycloak_guid) # If the admin is BCeID user, mark the affidavit INACTIVE. if user.login_source == LoginSource.BCEID.value and member.membership_type_code == ADMIN: affidavit: AffidavitModel = AffidavitModel.find_approved_by_user_id( user.id) if affidavit: affidavit.status_code = AffidavitStatus.INACTIVE.value affidavit.flush() # Set the account as INACTIVE org.status_code = OrgStatus.INACTIVE.value org.save() current_app.logger.debug('org Inactivated>')