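def assign_user_role(instance):
    """Bring the user's assigned role in line with ``instance.role``.

    The current assignment is read with ``get_user_roles``. When one exists
    and differs from ``instance.role`` it is removed, and ``instance.role``
    is then assigned.

    :param instance: object carrying a ``role`` attribute; it is also the
        object handed to the role helpers as the user.
    """
    # Fixed: the lookup and the removal referenced the misspelled name
    # ``intance``, so every call raised NameError before any role changed.
    role = get_user_roles(instance)
    if role and role != instance.role:
        # NOTE(review): the return shape of get_user_roles is not visible
        # here. If it is a collection, this comparison and the remove_role
        # argument need per-role handling - confirm against the helper.
        remove_role(instance, role)
    # NOTE(review): taken to be unconditional (the original layout was lost);
    # confirm it was not nested under the check above.
    assign_role(instance, instance.role)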
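def removerole(name, role):
    """Strip *role* from the user called *name* and demote them to "public".

    Steps, in order:
      1. look up the Django user by username; print a message and return
         if there is none;
      2. return unless the user holds *role* or is a superuser;
      3. for "patient" / "doctor", drop *name* from the JSON ``auth`` list of
         every non-superuser holding the counterpart role;
      4. reset the user's own USERMODEL row (empty ``auth``, type "Public",
         ``legit_doctor`` 0);
      5. remove *role* and assign "public".

    :param name: username of the account to demote.
    :param role: name of the role to remove.
    """
    try:
        q = User.objects.get(username=name)
    except User.DoesNotExist:
        # Narrowed from a bare ``except`` so database and programming errors
        # are no longer reported as "no such user".
        print("No such user exists")
        return

    if not has_role(q, role) and not q.is_superuser:
        print("No such user of that role exists")
        return

    # Counterpart role whose ``auth`` lists may still name this user. Other
    # roles have no counterpart; ``search`` used to be left unbound for them,
    # so the loop raised before the role was ever removed.
    search = {"patient": "doctor", "doctor": "patient"}.get(role)
    if search is not None:
        for each in User.objects.all():
            if has_role(each, search) and not each.is_superuser:
                p = USERMODEL.objects.get(name=each.username)
                if p.auth is not None:
                    k = json.loads(p.auth)
                    if name in k:
                        # Revoke the stale grant; rows are written only when
                        # the list actually changed.
                        k.remove(name)
                        p.auth = json.dumps(k)
                        p.save()

    # Reset the demoted user's own record before touching the role itself.
    p = USERMODEL.objects.get(name=name)
    p.auth = json.dumps([])
    p.type = "Public"
    p.legit_doctor = 0
    p.save()

    remove_role(q, role)
    assign_role(q, "public")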
def test_only_role_lead_can_change_password(resp_lead_change_pasword, django_user_model, client):
    """A user holding 'member' instead of 'lead' gets a 302 from the lead change-password page."""
    # The first stored user is re-roled; the resp_lead_change_pasword fixture
    # is requested but not read here (presumably it sets up that user - confirm).
    account = django_user_model.objects.first()
    assign_role(account, 'member')
    remove_role(account, 'lead')

    target_url = reverse('core:lead_change_password')
    response = client.get(target_url)

    assert response.status_code == 302
def test_remove_role_from_user_with_multiple_roles(self):
    """Removing one role must leave the user's other roles in place."""
    for granted in (self.Doctor, self.Surgeon, self.Anesthesiologist):
        assign_role(self.user, granted)

    remove_role(self.user, self.Doctor)

    remaining = get_user_roles(self.user)
    self.assertListEqual([self.Anesthesiologist, self.Surgeon], remaining)
def handle(self, *args, **options):
    """Remove the role given in ``options['role']`` from the user named in ``options['username']``.

    Does nothing when either option is empty. Prints 'success' after the
    removal, or a not-found message when no user has that username.
    """
    username, role = options['username'], options['role']
    if not (username and role):
        return

    try:
        account = User.objects.get(username=username)
        remove_role(account, role)
        print('success')
    except User.DoesNotExist:
        print('user does not found')
def promote_to_member(user: User, source: str) -> None:
    """
    Promote a user to member.

    Records a BECOME_MEMBER interaction, assigns the 'member' role and
    removes the 'lead' and 'client' roles.

    :param user: account being promoted
    :param source: stored on the interaction record
    :raises UserRoleException: if the user already holds the 'member' role
    """
    already_member = has_role(user, 'member')
    if already_member:
        raise UserRoleException('User is already a member')

    # The interaction is saved before any role changes; no transaction is
    # opened in this function.
    interaction = UserInteraction(category=UserInteraction.BECOME_MEMBER, source=source, user=user)
    interaction.save()

    assign_role(user, 'member')
    for superseded in ('lead', 'client'):
        remove_role(user, superseded)
def promote_to_client(user: User) -> None:
    """
    Promote a lead to client.

    Assigns the 'client' role and removes the 'lead' role.

    :param user: account being promoted
    :raises UserRoleException: if the user already holds 'member' or 'client'
    """
    # Checked in this order so the 'member' message wins when both are held.
    for held in ('member', 'client'):
        if has_role(user, held):
            raise UserRoleException(f'User is already a {held}')

    assign_role(user, 'client')
    remove_role(user, 'lead')
def role_assign(request, user_id):
    """Grant (POST) or revoke (DELETE) the 'judge' role on a user; superusers only.

    Responses: 403 when the caller is not a superuser, 404 when no user has
    primary key *user_id*, otherwise 200. Any other HTTP method that reaches
    this body also gets 200 without changing anything.
    """
    if not request.user.is_superuser:
        return Response(status=status.HTTP_403_FORBIDDEN)

    account_model = get_user_model()
    try:
        target = account_model.objects.get(pk=user_id)
    except account_model.DoesNotExist:
        return Response(status=status.HTTP_404_NOT_FOUND)

    # Map the HTTP verb onto the role helper; unknown verbs fall through.
    change = {'POST': assign_role, 'DELETE': remove_role}.get(request.method)
    if change is not None:
        change(target, 'judge')

    return Response(status=status.HTTP_200_OK)
def promote_to_webdev(user: User, source: str) -> None:
    """
    Promote a user to webdev.

    Records a BECOME_WEBDEV interaction, assigns the 'webdev' role and
    removes the 'lead' and 'client' roles.

    :param user: account being promoted
    :param source: stored on the interaction record
    :raises UserRoleException: if the user already holds 'member',
        'bootcamper' or 'webdev'
    """
    # First matching role, in this order, decides the error message.
    for held in ('member', 'bootcamper', 'webdev'):
        if has_role(user, held):
            raise UserRoleException(f'User is already a {held}')

    interaction = UserInteraction(category=UserInteraction.BECOME_WEBDEV, source=source, user=user)
    interaction.save()

    assign_role(user, 'webdev')
    for superseded in ('lead', 'client'):
        remove_role(user, superseded)
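def delete_remove_role_from_user(sender, instance, **kwargs):  # pylint: disable=unused-argument
    """
    Signal handler that runs after a Role row has been deleted.

    The role is removed from the user only when no other Role row still
    carries the same role value (i.e. it is not held through another program).
    """
    # This runs AFTER the delete, so the deleted row is no longer counted:
    # any row still matching means the role is held elsewhere.
    # NOTE(review): the query is not scoped to instance.user. If Role rows of
    # other users can share this role value, this user keeps the role after
    # their own row is gone - confirm whether a user filter is intended.
    if Role.objects.filter(role=instance.role).exists():
        return

    # Fixed: the first placeholder was a bare '%', which made the logging
    # call fail to format instead of emitting the message.
    log.debug(
        'removing role %s for user %s',
        instance.role,
        instance.user.username,
    )
    remove_role(instance.user, instance.role)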
def save_role_change(request):
    """Flip each submitted user between Voter and Candidate, then redirect.

    User ids come from the repeated POST field ``user``. For every resolved
    user the role-permission assignment and the ``role`` label are swapped
    (users with any other label keep their role), ``request_role_change`` is
    cleared and the row is saved. Redirects to ``polls:changerole``.
    """
    # NOTE(review): no check on the caller is visible in this view, and the
    # ids are not limited to users whose request_role_change is set; confirm
    # that a decorator or URL wrapper restricts who can reach it.
    # Resolve every id before changing anything: a malformed or unknown id
    # raises here, ahead of the first write.
    selected = [User.objects.get(id=int(raw_id)) for raw_id in request.POST.getlist('user')]

    # current label -> (role to drop, role to grant, new label)
    swaps = {
        'Voter': ('voter', 'candidate', 'Candidate'),
        'Candidate': ('candidate', 'voter', 'Voter'),
    }
    for account in selected:
        swap = swaps.get(account.role)
        if swap is not None:
            dropped, granted, new_label = swap
            remove_role(account, dropped)
            assign_role(account, granted)
            account.role = new_label
        account.request_role_change = False
        account.save()

    return HttpResponseRedirect(reverse('polls:changerole'))
def test_remove_role_reinstates_permissions_correctly_scenario_2(self):
    """
    Initial Roles:
        Doctor
        Surgeon

    Actions:
        Remove role: Doctor

    Expected resulting permission:
        enter_surgery_room = True
        operate = True
    """
    for granted in (self.Doctor, self.Surgeon):
        assign_role(self.user, granted)

    remove_role(self.user, self.Doctor)

    # Both permissions must still be held after Doctor is removed.
    for permission in (self.enter_surgery_room, self.operate):
        self.assertTrue(has_permission(self.user, permission))
def save_related(self, request, form, formsets, change):
    """Keep role-permission roles in step with group edits made in the admin form.

    Role names are snapshotted before the parent ``save_related`` runs and
    compared with the user's group names afterwards. Names that disappeared
    are removed through ``roles.remove_role``; names that appeared are
    offered to ``roles.assign_role``.
    """
    user = UserModel.objects.get(pk=form.instance.pk)
    roles_before = {role.get_name() for role in roles.get_user_roles(user)}

    super(RolePermissionsUserAdminMixin, self).save_related(request, form, formsets, change)

    groups_after = {group.name for group in user.groups.all()}

    # Roles whose group was taken away in the form.
    for role_name in roles_before - groups_after:
        try:
            # Re-add the group first so that rolepermissions performs the
            # removal itself.
            restored = Group.objects.get(name=role_name)
            user.groups.add(restored)
        except Group.DoesNotExist:
            pass
        roles.remove_role(user, role_name)

    # Groups added in the form; names that are not roles are ignored.
    for group_name in groups_after - roles_before:
        try:
            roles.assign_role(user, group_name)
        except roles.RoleDoesNotExist:
            pass
def save_related(self, request, form, formsets, change):
    """Mirror group changes made in the user admin onto role-permission roles.

    The user's role names are captured before the parent ``save_related``
    call, then diffed against the group names present afterwards: vanished
    names go through ``roles.remove_role``, new names through
    ``roles.assign_role``.
    """
    user = UserModel.objects.get(pk=form.instance.pk)
    previous_roles = {assigned.get_name() for assigned in roles.get_user_roles(user)}

    super(UserAdmin, self).save_related(request, form, formsets, change)

    current_groups = {membership.name for membership in user.groups.all()}

    dropped_names = previous_roles - current_groups
    for role_name in dropped_names:
        try:
            # The group goes back on the user first, leaving the actual
            # removal to rolepermissions.
            user.groups.add(Group.objects.get(name=role_name))
        except Group.DoesNotExist:
            pass
        roles.remove_role(user, role_name)

    gained_names = current_groups - previous_roles
    for group_name in gained_names:
        try:
            roles.assign_role(user, group_name)
        except roles.RoleDoesNotExist:
            # The new group does not correspond to a role.
            pass
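def remove(request):
    """Strip a role from a user and demote them to "public", then redirect to /home.

    Reads ``name`` (username) and ``role`` from the query string. For
    "patient" / "doctor" the username is also dropped from the JSON ``auth``
    list of every non-superuser holding the counterpart role. The user's own
    USERMODEL row is reset (empty ``auth``, type "Public", ``legit_doctor``
    0) before the role is removed and "public" assigned.

    Returns a redirect to ``/home`` for GET (also when the user is missing or
    does not hold the role) and ``HttpResponseForbidden`` for other methods.
    """
    # NOTE(review): this view changes roles and authorization lists on a GET
    # and shows no check on who is calling. Unless a decorator or URL wrapper
    # outside this view enforces it, require an authenticated, privileged
    # caller and move the change to POST so CSRF protection applies.
    if request.method != 'GET':
        return HttpResponseForbidden()

    name = request.GET.get('name')
    role = request.GET.get('role')

    try:
        q = User.objects.get(username=name)
    except User.DoesNotExist:
        # Narrowed from a bare ``except`` so database and programming errors
        # are no longer reported as "no such user".
        print("No such user exists")
        return HttpResponseRedirect('/home')

    if not has_role(q, role) and not q.is_superuser:
        print("No such user of that role exists")
        return HttpResponseRedirect('/home')

    # Counterpart role whose ``auth`` lists may still name this user. Other
    # roles have no counterpart; ``search`` used to be left unbound for them,
    # so the request failed before the role was removed.
    search = {"patient": "doctor", "doctor": "patient"}.get(role)
    if search is not None:
        for each in User.objects.all():
            if has_role(each, search) and not each.is_superuser:
                p = USERMODEL.objects.get(name=each.username)
                if p.auth is not None:
                    k = json.loads(p.auth)
                    if name in k:
                        # Revoke the stale grant; rows are written only when
                        # the list actually changed.
                        k.remove(name)
                        p.auth = json.dumps(k)
                        p.save()

    # Reset the demoted user's own record before touching the role itself.
    p = USERMODEL.objects.get(name=name)
    p.auth = json.dumps([])
    p.type = "Public"
    p.legit_doctor = 0
    p.save()

    remove_role(q, role)
    assign_role(q, "public")
    return HttpResponseRedirect('/home')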
def test_remove_role_reinstates_permissions_correctly_scenario_5(self):
    """
    Initial Roles:
        Doctor
        Surgeon

    Actions:
        Grant permission: operate
        Remove role: Surgeon

    Asserted resulting permission:
        enter_surgery_room = False
        operate = False

    NOTE(review): the previous docstring listed ``operate = True`` as the
    expected outcome, which disagrees with the assertFalse below. Confirm
    which of the two is intended.
    """
    for granted in (self.Doctor, self.Surgeon):
        assign_role(self.user, granted)

    grant_permission(self.user, self.operate)
    remove_role(self.user, self.Surgeon)

    for permission in (self.enter_surgery_room, self.operate):
        self.assertFalse(has_permission(self.user, permission))
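def save_remove_role_from_user(sender, instance, **kwargs):  # pylint: disable=unused-argument
    """
    Signal handler that runs before a role assignment is saved.

    When the save modifies an existing row, the previous role is removed
    from the user unless another Role row still carries it (i.e. it is held
    through another program). A row with no stored predecessor is a new
    assignment and needs no cleanup.

    Theoretically this is not necessary with the current implementation
    of the django-role-permission library.
    """
    try:
        old_instance = Role.objects.get(pk=instance.pk)
    except Role.DoesNotExist:
        return

    # The check is "> 1" because this runs BEFORE the save: one matching row
    # is the stored version of this very instance.
    # NOTE(review): the query is not scoped to instance.user. If Role rows of
    # other users can share this role value, the old role is kept for this
    # user - confirm whether a user filter is intended.
    if Role.objects.filter(role=old_instance.role).count() > 1:
        return

    # Fixed: the first placeholder was a bare '%', which made the logging
    # call fail to format, and the message named the new role although the
    # old one is what gets removed.
    log.debug(
        'removing role %s for user %s',
        old_instance.role,
        instance.user.username,
    )
    remove_role(instance.user, old_instance.role)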
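def edit_roles(request):
    """Assign a role to, or remove a role from, the user named in the request.

    Reads ``user_id`` (matched against ``username``), ``action`` ('assign' or
    'remove') and ``role`` from ``request.data``.

    Responses: 404 when the user is unknown or the action is not recognised,
    403 when the target is an owner or is a moderator and the caller is not
    an owner, otherwise 200.
    """
    # Removed: a leftover debugging loop that walked the whole user table and
    # printed a username comparison for every row on each request.
    target = User.objects.filter(username=request.data['user_id']).first()
    if target is None:
        return Response('User not found', status=status.HTTP_404_NOT_FOUND)

    action = request.data['action']
    role = request.data['role']

    # Check if the user is allowed to edit the role of the target: owners are
    # never editable here, moderators only by an owner.
    if has_role(target, 'owner') or (has_role(target, 'moderator') and not has_role(request.user, 'owner')):
        return Response('Not allowed to change role of target user', status=status.HTTP_403_FORBIDDEN)

    # NOTE(review): ``role`` comes straight from the request and is never
    # compared with the caller's own roles; the guard above looks only at the
    # target's current roles. Confirm that every caller reaching this point
    # may grant or revoke any role name, 'owner' and 'moderator' included, or
    # add an allow-list here.
    if action == 'remove':
        remove_role(target, role)
    elif action == 'assign':
        assign_role(target, role)
    else:
        return Response('Invalid action', status=status.HTTP_404_NOT_FOUND)

    return Response('Success', status=status.HTTP_200_OK)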
def test_remove_role_reinstates_permissions_correctly_scenario_10(self):
    """
    Initial Roles:
        Doctor
        Surgeon
        Anesthesiologist

    Actions:
        Revoke permission: enter_surgery_room
        Remove role: Doctor

    Expected resulting permission:
        enter_surgery_room = False
        operate = True
    """
    for granted in (self.Doctor, self.Surgeon, self.Anesthesiologist):
        assign_role(self.user, granted)

    revoke_permission(self.user, self.enter_surgery_room)
    remove_role(self.user, self.Doctor)

    # The explicit revocation must survive the role removal.
    can_enter = has_permission(self.user, self.enter_surgery_room)
    self.assertFalse(can_enter)
    can_operate = has_permission(self.user, self.operate)
    self.assertTrue(can_operate)
def test_remove_role_from_user(self):
    """Assigning and then removing the same role leaves the user with no roles."""
    only_role = self.Doctor
    assign_role(self.user, only_role)
    remove_role(self.user, only_role)

    remaining = get_user_roles(self.user)
    self.assertListEqual([], remaining)
def test_remove_role_user_isnt_assigned_to(self):
    """Removing a role the user never held leaves the role list empty."""
    remove_role(self.user, self.Doctor)

    remaining = get_user_roles(self.user)
    self.assertListEqual([], remaining)
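def create_access(request):
    """Exchange a Discord OAuth2 authorization code for this service's API token.

    Flow:
      1. trade ``request.data['code']`` for a Discord access token;
      2. fetch the caller's guilds and keep those shared with the bot
         (403 when there are none);
      3. fetch the caller's Discord id, creating a local user with the
         default roles on first login;
      4. refresh the user's cached guilds and bring the 'owner' role in line
         with ``config.bot_owners``;
      5. replace the user's API token and return the new key.

    Returns 400 when Discord rejects the code or the access token, 403 when
    no guild is shared with the bot, otherwise 200 with the token key.
    """
    # Bound every outbound call: requests applies no timeout by default, so
    # an unresponsive upstream would otherwise hold the worker indefinitely.
    # Suggested default - tune for the deployment.
    http_timeout = 10

    # Get discord access token corresponding to the code by the auth
    data = {
        'client_id': config.client_id,
        'client_secret': config.client_secret,
        'grant_type': 'authorization_code',
        'code': request.data['code'],
        'redirect_uri': request.data['redirect_uri'],
        'scope': 'identify guilds'
    }
    headers = {
        'Content-Type': 'application/x-www-form-urlencoded'
    }
    response_access = requests.post(
        '%s/oauth2/token' % API_ENDPOINT, data=data, headers=headers, timeout=http_timeout
    )
    if response_access.status_code != 200:
        return Response('Bad discord code', status=status.HTTP_400_BAD_REQUEST)

    # Use the access token to get the guilds the user is part of
    headers = {
        "Authorization": ("Bearer " + str(response_access.json()['access_token']))
    }
    response_guilds = requests.get(
        '%s/users/@me/guilds' % API_ENDPOINT, headers=headers, timeout=http_timeout
    )
    if response_guilds.status_code != 200:
        return Response('Bad access token', status=status.HTTP_400_BAD_REQUEST)

    # A user is allowed a bot access token if he shares at least one guild with the bot
    bot_guild_ids = {guild.id for guild in bot.guilds}
    shared_guilds = [
        {'id': guild['id'], 'name': guild['name']}
        for guild in response_guilds.json()
        if int(guild['id']) in bot_guild_ids
    ]
    if not shared_guilds:
        return Response('User does not share server with bot', status=status.HTTP_403_FORBIDDEN)

    response_user = requests.get('%s/users/@me' % API_ENDPOINT, headers=headers, timeout=http_timeout)
    if response_user.status_code != 200:
        return Response('Bad access token', status=status.HTTP_400_BAD_REQUEST)
    user_id = response_user.json()['id']

    # check if user exists in database, creating one if necessary
    user = User.objects.filter(username=user_id).first()
    if user is None:
        user = User.objects.create_user(username=user_id)
        for role in default_roles:
            assign_role(user, role)

    # caches the current guilds of a user for a login - use a real caching mechanism if deployed at large scale
    user.profile.guilds.clear()
    for guild_dict in shared_guilds:
        # A guild the bot is in may have no database row yet; indexing the
        # empty queryset used to fail the login after the cache was cleared.
        guild = Guild.objects.filter(id=str(guild_dict['id'])).first()
        if guild is not None:
            user.profile.guilds.add(guild)

    # Check if the owner role status of the user is up to date and edit it if necessary
    # NOTE(review): user_id is taken as-is from the Discord JSON response;
    # this membership test assumes config.bot_owners stores ids in the same
    # type - confirm, since a mismatch would strip 'owner' from real owners.
    is_specified_as_owner = user_id in config.bot_owners
    is_owner = has_role(user, "owner")
    if is_owner and not is_specified_as_owner:
        remove_role(user, 'owner')
    elif not is_owner and is_specified_as_owner:
        assign_role(user, 'owner')
    user.save()

    # update bot access token: any earlier token stops working once this login succeeds
    Token.objects.filter(user=user).delete()
    token = Token.objects.create(user=user)

    # send back bot access token
    return Response(token.key, status=status.HTTP_200_OK)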
def _promote_client(user):
    """Swap the user's 'lead' role for 'client' and sync them to Mailchimp as a client."""
    remove_role(user, 'lead')
    assign_role(user, 'client')

    # The role change happens first; the Mailchimp call gets the user's first
    # name and e-mail address.
    contact = (user.first_name, user.email)
    mailchimp_facade.create_or_update_client(*contact)