def test_project_share_readonly(self): # create project and publish form to project self._publish_xls_form_to_project() alice_data = {'username': '******', 'email': '*****@*****.**'} alice_profile = self._create_user_profile(alice_data) projectid = self.project.pk self.assertFalse(ReadOnlyRole.user_has_role(alice_profile.user, self.project)) data = {'username': '******', 'role': ReadOnlyRole.name} request = self.factory.put('/', data=data, **self.extra) view = ProjectViewSet.as_view({ 'put': 'share' }) response = view(request, pk=projectid) self.assertEqual(response.status_code, 204) self.assertTrue(ReadOnlyRole.user_has_role(alice_profile.user, self.project)) self.assertTrue(ReadOnlyRole.user_has_role(alice_profile.user, self.xform)) perms = role.get_object_users_with_permissions(self.project) for p in perms: user = p.get('user') if user == alice_profile.user: r = p.get('role') self.assertEquals(r, ReadOnlyRole.name)
def add_xform_to_project(xform, project, creator): """Adds an xform to a project""" # remove xform from any previous relation to a project xform.projectxform_set.all().delete() # make new connection instance = ProjectXForm.objects.create(xform=xform, project=project, created_by=creator) instance.save() # check if the project is a public and make the form public if project.shared != xform.shared: xform.shared = project.shared xform.shared_data = project.shared xform.save() for perm in get_object_users_with_permissions(project): user = perm['user'] if user != creator: ReadOnlyRole.add(user, xform) else: OwnerRole.add(user, xform) return instance
def add_xform_to_project(xform, project, creator): """Adds an xform to a project""" # remove xform from any previous relation to a project xform.projectxform_set.all().delete() # make new connection instance = ProjectXForm.objects.create( xform=xform, project=project, created_by=creator) instance.save() # check if the project is a public and make the form public if project.shared != xform.shared: xform.shared = project.shared xform.shared_data = project.shared xform.save() for perm in get_object_users_with_permissions(project): user = perm['user'] if user != creator: ReadOnlyRole.add(user, xform) else: OwnerRole.add(user, xform) return instance
def set_project_perms_to_xform(xform, project): # allows us to still use xform.shared and xform.shared_data as before # only switch if xform.shared is False xform_is_shared = xform.shared or xform.shared_data if not xform_is_shared and project.shared != xform.shared: xform.shared = project.shared xform.shared_data = project.shared xform.save() owners = project.organization.team_set.filter( name="{}#{}".format(project.organization.username, OWNER_TEAM_NAME), organization=project.organization) if owners: OwnerRole.add(owners[0], xform) for perm in get_object_users_with_permissions(project, with_group_users=True): user = perm['user'] role_name = perm['role'] role = ROLES.get(role_name) if user != xform.created_by: role.add(user, xform) else: OwnerRole.add(user, xform)
def test_get_object_users_with_permission(self): alice = self._create_user('alice', 'alice') org_user = tools.create_organization("modilabs", alice).user self._publish_transportation_form() EditorRole.add(org_user, self.xform) users_with_perms = get_object_users_with_permissions(self.xform) self.assertFalse(org_user in [d['user'] for d in users_with_perms])
def set_project_perms_to_xform(xform, project): """ Apply project permissions to a form, this usually happens when a new form is being published or it is being moved to a new project. """ # allows us to still use xform.shared and xform.shared_data as before # only switch if xform.shared is False xform_is_shared = xform.shared or xform.shared_data if not xform_is_shared and project.shared != xform.shared: xform.shared = project.shared xform.shared_data = project.shared xform.save() # clear existing permissions for perm in get_object_users_with_permissions(xform, with_group_users=True): user = perm['user'] role_name = perm['role'] role = ROLES.get(role_name) if role and (user != xform.user and project.user != user and project.created_by != user): role.remove_obj_permissions(user, xform) owners = project.organization.team_set.filter( name="{}#{}".format(project.organization.username, OWNER_TEAM_NAME), organization=project.organization) if owners: OwnerRole.add(owners[0], xform) for perm in get_object_users_with_permissions(project, with_group_users=True): user = perm['user'] role_name = perm['role'] role = ROLES.get(role_name) if user == xform.created_by: OwnerRole.add(user, xform) else: if role: role.add(user, xform)
def set_project_perms_to_xform(xform, project): """ Apply project permissions to a form, this usually happens when a new form is being published or it is being moved to a new project. """ # allows us to still use xform.shared and xform.shared_data as before # only switch if xform.shared is False xform_is_shared = xform.shared or xform.shared_data if not xform_is_shared and project.shared != xform.shared: xform.shared = project.shared xform.shared_data = project.shared xform.save() # clear existing permissions for perm in get_object_users_with_permissions( xform, with_group_users=True): user = perm['user'] role_name = perm['role'] role = ROLES.get(role_name) if role and (user != xform.user and project.user != user and project.created_by != user): role.remove_obj_permissions(user, xform) owners = project.organization.team_set.filter( name="{}#{}".format(project.organization.username, OWNER_TEAM_NAME), organization=project.organization) if owners: OwnerRole.add(owners[0], xform) for perm in get_object_users_with_permissions( project, with_group_users=True): user = perm['user'] role_name = perm['role'] role = ROLES.get(role_name) if user == xform.created_by: OwnerRole.add(user, xform) else: if role: role.add(user, xform)
def get_project_permissions(self, obj): if obj: users = cache.get('{}{}'.format(PROJ_PERM_CACHE, obj.pk)) if users: return users user = get_object_users_with_permissions(obj) cache.set('{}{}'.format(PROJ_PERM_CACHE, obj.pk), user) return user return []
def get_project_permissions(self, obj): if obj: users = cache.get("{}{}".format(PROJ_PERM_CACHE, obj.pk)) if users: return users user = get_object_users_with_permissions(obj) cache.set("{}{}".format(PROJ_PERM_CACHE, obj.pk), user) return user return []
def get_xform_permissions(self, obj): if obj: xform_perms = cache.get('{}{}'.format(XFORM_PERMISSIONS_CACHE, obj.pk)) if xform_perms: return xform_perms xform_perms = get_object_users_with_permissions(obj) cache.set('{}{}'.format(XFORM_PERMISSIONS_CACHE, obj.pk), xform_perms) return xform_perms return []
def set_project_perms_to_xform(xform, project): if project.shared != xform.shared: xform.shared = project.shared xform.shared_data = project.shared xform.save() for perm in get_object_users_with_permissions(project): user = perm["user"] if user != xform.created_by: ReadOnlyRole.add(user, xform) else: OwnerRole.add(user, xform)
def get_xform_permissions(self, obj): if obj: xform_perms = cache.get( '{}{}'.format(XFORM_PERMISSIONS_CACHE, obj.pk)) if xform_perms: return xform_perms xform_perms = get_object_users_with_permissions(obj) cache.set( '{}{}'.format(XFORM_PERMISSIONS_CACHE, obj.pk), xform_perms) return xform_perms return []
def validate_remove(self, attrs, source): """ Check and confirm that the project will be left with at least one owner. Raises a validation error if only one owner found""" if attrs.get('role') == OwnerRole.name: results = get_object_users_with_permissions(attrs.get('project')) # count all the owners count = len( [res for res in results if res.get('role') == OwnerRole.name]) if count <= 1: raise ValidationError( _(u"Project requires at least one owner"))
def validate_remove(self, attrs, source): """ Check and confirm that the project will be left with at least one owner. Raises a validation error if only one owner found""" if attrs.get('role') == OwnerRole.name: results = get_object_users_with_permissions(attrs.get('project')) # count all the owners count = len([res for res in results if res.get('role') == OwnerRole.name]) if count <= 1: raise ValidationError( _(u"Project requires at least one owner"))
def test_get_object_users_with_permission(self): alice = self._create_user('alice', 'alice') org_user = tools.create_organization("modilabs", alice).user self._publish_transportation_form() EditorRole.add(org_user, self.xform) users_with_perms = get_object_users_with_permissions(self.xform) self.assertTrue(org_user in [d['user'] for d in users_with_perms]) self.assertIn('first_name', users_with_perms[0].keys()) self.assertIn('last_name', users_with_perms[0].keys()) self.assertIn('user', users_with_perms[0].keys()) self.assertIn('role', users_with_perms[0].keys()) self.assertIn('gravatar', users_with_perms[0].keys()) self.assertIn('metadata', users_with_perms[0].keys()) self.assertIn('is_org', users_with_perms[0].keys())
def set_project_perms_to_xform(xform, project): # allows us to still use xform.shared and xform.shared_data as before # only switch if xform.shared is False xform_is_shared = xform.shared or xform.shared_data if not xform_is_shared and project.shared != xform.shared: xform.shared = project.shared xform.shared_data = project.shared xform.save() for perm in get_object_users_with_permissions(project): user = perm['user'] role_name = perm['role'] role = ROLES.get(role_name) if user != xform.created_by: role.add(user, xform) else: OwnerRole.add(user, xform)
def test_get_object_users_with_permission(self): """ Test get_object_users_with_permissions() """ alice = self._create_user('alice', 'alice') UserProfile.objects.get_or_create(user=alice) org_user = tools.create_organization("modilabs", alice).user demo_grp = Group.objects.create(name='demo') alice.groups.add(demo_grp) self._publish_transportation_form() EditorRole.add(org_user, self.xform) EditorRole.add(demo_grp, self.xform) users_with_perms = get_object_users_with_permissions( self.xform, with_group_users=True) self.assertTrue(org_user in [d['user'] for d in users_with_perms]) self.assertTrue(alice in [d['user'] for d in users_with_perms]) users_with_perms_first_keys = list(users_with_perms[0]) self.assertIn('first_name', users_with_perms_first_keys) self.assertIn('last_name', users_with_perms_first_keys) self.assertIn('user', users_with_perms_first_keys) self.assertIn('role', users_with_perms_first_keys) self.assertIn('gravatar', users_with_perms_first_keys) self.assertIn('metadata', users_with_perms_first_keys) self.assertIn('is_org', users_with_perms_first_keys)
def get_project_permissions(self, obj): return get_object_users_with_permissions(obj)
def get_xform_permissions(self, obj): return get_object_users_with_permissions(obj, serializable=True)