def get_group_view_template_vars(session, actor, group, graph):
# type: (Session, User, Group, GroupGraph) -> Dict[str, Any]
ret = {}
ret["grantable"] = user_grantable_permissions(session, actor)
try:
group_md = graph.get_group_details(group.name)
except NoSuchGroup:
# Very new group with no metadata yet, or it has been disabled and
# excluded from in-memory cache.
group_md = {}
ret["members"] = group.my_members()
ret["groups"] = group.my_groups()
ret["service_accounts"] = get_service_accounts(session, group)
ret["permissions"] = group_md.get("permissions", [])
for permission in ret["permissions"]:
permission["granted_on"] = datetime.fromtimestamp(permission["granted_on"])
ret["permission_requests_pending"] = []
for req in get_pending_request_by_group(session, group):
granters = []
for owner, argument in get_owner_arg_list(session, req.permission, req.argument):
granters.append(owner.name)
ret["permission_requests_pending"].append((req, granters))
ret["audited"] = group_md.get("audited", False)
ret["log_entries"] = group.my_log_entries()
ret["num_pending"] = count_requests_by_group(session, group, status="pending")
ret["current_user_role"] = {
"is_owner": user_role_index(actor, ret["members"]) in OWNER_ROLE_INDICES,
"is_approver": user_role_index(actor, ret["members"]) in APPROVER_ROLE_INDICES,
"is_manager": user_role(actor, ret["members"]) == "manager",
"is_member": user_role(actor, ret["members"]) is not None,
"role": user_role(actor, ret["members"]),
}
ret["can_leave"] = (
ret["current_user_role"]["is_member"] and not ret["current_user_role"]["is_owner"]
)
ret["statuses"] = AUDIT_STATUS_CHOICES
# Add mapping_id to permissions structure
ret["my_permissions"] = group.my_permissions()
for perm_up in ret["permissions"]:
for perm_direct in ret["my_permissions"]:
if (
perm_up["permission"] == perm_direct.name
and perm_up["argument"] == perm_direct.argument
):
perm_up["mapping_id"] = perm_direct.mapping_id
break
ret["alerts"] = []
ret["self_pending"] = count_requests_by_group(session, group, status="pending", user=actor)
if ret["self_pending"]:
ret["alerts"].append(Alert("info", "You have a pending request to join this group.", None))
return ret
def get_group_view_template_vars(session, actor, group, graph):
ret = {}
ret["grantable"] = user_grantable_permissions(session, actor)
try:
group_md = graph.get_group_details(group.name)
except NoSuchGroup:
# Very new group with no metadata yet, or it has been disabled and
# excluded from in-memory cache.
group_md = {}
ret["members"] = group.my_members()
ret["groups"] = group.my_groups()
ret["service_accounts"] = get_service_accounts(session, group)
ret["permissions"] = group_md.get("permissions", [])
ret["permission_requests_pending"] = []
for req in get_pending_request_by_group(session, group):
granters = []
for owner, argument in get_owner_arg_list(session, req.permission, req.argument):
granters.append(owner.name)
ret["permission_requests_pending"].append((req, granters))
ret["audited"] = group_md.get("audited", False)
ret["log_entries"] = group.my_log_entries()
ret["num_pending"] = count_requests_by_group(session, group, status="pending")
ret["current_user_role"] = {
"is_owner": user_role_index(actor, ret["members"]) in OWNER_ROLE_INDICES,
"is_approver": user_role_index(actor, ret["members"]) in APPROVER_ROLE_INDICES,
"is_manager": user_role(actor, ret["members"]) == "manager",
"is_member": user_role(actor, ret["members"]) is not None,
"role": user_role(actor, ret["members"]),
}
ret["can_leave"] = (
ret["current_user_role"]["is_member"] and not ret["current_user_role"]["is_owner"]
)
ret["statuses"] = AUDIT_STATUS_CHOICES
# Add mapping_id to permissions structure
ret["my_permissions"] = group.my_permissions()
for perm_up in ret["permissions"]:
for perm_direct in ret["my_permissions"]:
if (
perm_up["permission"] == perm_direct.name
and perm_up["argument"] == perm_direct.argument
):
perm_up["mapping_id"] = perm_direct.mapping_id
break
ret["alerts"] = []
ret["self_pending"] = count_requests_by_group(session, group, status="pending", user=actor)
if ret["self_pending"]:
ret["alerts"].append(Alert("info", "You have a pending request to join this group.", None))
return ret
def _is_user_a_member(self, group: Group, members: Mapping[Tuple[str, str],
Any]) -> bool:
"""Returns whether the current user is a member or has a pending membership request."""
if ("User", self.current_user.name) in members:
return True
if count_requests_by_group(self.session, group, "pending",
self.current_user) > 0:
return True
return False
def test_cancels_group_requests(setup):
# type: (SetupTest) -> None
with setup.transaction():
setup.grant_permission_to_group(USER_ADMIN, "", "admins")
setup.add_user_to_group("*****@*****.**", "admins")
setup.create_user("*****@*****.**")
setup.create_group("some-group")
setup.create_group_request("*****@*****.**", "some-group")
mock_ui = MagicMock()
usecase = setup.usecase_factory.create_convert_user_to_service_account_usecase(
"*****@*****.**", mock_ui
)
usecase.convert_user_to_service_account("*****@*****.**", "some-group")
assert mock_ui.mock_calls == [
call.converted_user_to_service_account("*****@*****.**", "some-group")
]
# Confirm that the request to the group is now cancelled and there are no pending requests
group = Group.get(setup.session, name="some-group")
assert group
assert count_requests_by_group(setup.session, group, status="cancelled") == 1
assert count_requests_by_group(setup.session, group, status="pending") == 0
def test_cancels_group_requests(setup):
# type: (SetupTest) -> None
with setup.transaction():
setup.grant_permission_to_group(USER_ADMIN, "", "admins")
setup.add_user_to_group("*****@*****.**", "admins")
setup.create_user("*****@*****.**")
setup.create_group("some-group")
setup.create_group_request("*****@*****.**", "some-group")
mock_ui = MagicMock()
usecase = setup.usecase_factory.create_convert_user_to_service_account_usecase(
"*****@*****.**", mock_ui)
usecase.convert_user_to_service_account("*****@*****.**", "some-group")
assert mock_ui.mock_calls == [
call.converted_user_to_service_account("*****@*****.**", "some-group")
]
# Confirm that the request to the group is now cancelled and there are no pending requests
group = Group.get(setup.session, name="some-group")
assert group
assert count_requests_by_group(setup.session, group,
status="cancelled") == 1
assert count_requests_by_group(setup.session, group, status="pending") == 0