def test_remove_member_removes_group_to_the_user(session, monkeypatch): # pylint:disable=unused-argument
"""Assert that accepting an invite adds group to the user."""
# Create a user in keycloak
keycloak_service = KeycloakService()
request = KeycloakScenario.create_user_request()
keycloak_service.add_user(request, return_if_exists=True)
kc_user = keycloak_service.get_user_by_username(request.user_name)
user = factory_user_model(TestUserInfo.get_user_with_kc_guid(kc_guid=kc_user.id))
# Patch token info
def token_info(): # pylint: disable=unused-argument; mocks of library methods
return {
'sub': str(kc_user.id),
'username': '******',
'realm_access': {
'roles': [
'edit'
]
},
'product_code': ProductCode.BUSINESS.value
}
monkeypatch.setattr('auth_api.services.keycloak.KeycloakService._get_token_info', token_info)
org = OrgService.create_org(TestOrgInfo.org1, user_id=user.id)
# Create another user
request = KeycloakScenario.create_user_request()
keycloak_service.add_user(request, return_if_exists=True)
kc_user2 = keycloak_service.get_user_by_username(request.user_name)
user2 = factory_user_model(TestUserInfo.get_user_with_kc_guid(kc_guid=kc_user2.id))
# Add a membership to the user for the org created
factory_membership_model(user2.id, org.as_dict().get('id'), member_type='COORDINATOR', member_status=4)
# Add a product to org
factory_product_model(org.as_dict().get('id'), product_code=ProductCode.BUSINESS.value)
# Find the membership and update to ACTIVE
membership = MembershipService.get_membership_for_org_and_user(org.as_dict().get('id'), user2.id)
active_membership_status = MembershipStatusCodeModel.get_membership_status_by_code(Status.ACTIVE.name)
updated_fields = {'membership_status': active_membership_status}
MembershipService(membership).update_membership(updated_fields=updated_fields, token_info=token_info())
user_groups = keycloak_service.get_user_groups(user_id=kc_user2.id)
groups = []
for group in user_groups:
groups.append(group.get('name'))
assert GROUP_ACCOUNT_HOLDERS in groups
# Find the membership and update to INACTIVE
active_membership_status = MembershipStatusCodeModel.get_membership_status_by_code(Status.INACTIVE.name)
updated_fields = {'membership_status': active_membership_status}
MembershipService(membership).update_membership(updated_fields=updated_fields, token_info=token_info())
user_groups = keycloak_service.get_user_groups(user_id=kc_user2.id)
groups = []
for group in user_groups:
groups.append(group.get('name'))
assert GROUP_ACCOUNT_HOLDERS not in groups
def deactivate_membership(self, token_info: Dict = None):
"""Mark this membership as inactive."""
current_app.logger.debug('<deactivate_membership')
# if this is a member removing another member, check that they admin or owner
if self._model.user.username != token_info.get('username'):
check_auth(org_id=self._model.org_id,
token_info=token_info,
one_of_roles=(COORDINATOR, ADMIN))
# check to ensure that owner isn't removed by anyone but an owner
if self._model.membership_type == ADMIN:
check_auth(org_id=self._model.org_id,
token_info=token_info,
one_of_roles=(ADMIN))
self._model.membership_status = MembershipStatusCodeModel.get_membership_status_by_code(
'INACTIVE')
current_app.logger.info(
f'<deactivate_membership for {self._model.user.username}')
self._model.save()
# Remove from account_holders group in keycloak
Membership._add_or_remove_group(self._model)
current_app.logger.debug('>deactivate_membership')
return self
def deactivate_membership(self, **kwargs):
"""Mark this membership as inactive."""
current_app.logger.debug('<deactivate_membership')
user_from_context: UserContext = kwargs['user_context']
# if this is a member removing another member, check that they admin or owner
if self._model.user.username != user_from_context.user_name:
check_auth(org_id=self._model.org_id,
one_of_roles=(COORDINATOR, ADMIN))
# check to ensure that owner isn't removed by anyone but an owner
if self._model.membership_type == ADMIN:
check_auth(org_id=self._model.org_id, one_of_roles=(ADMIN))
self._model.membership_status = MembershipStatusCodeModel.get_membership_status_by_code(
'INACTIVE')
current_app.logger.info(
f'<deactivate_membership for {self._model.user.username}')
self._model.save()
# Remove from account_holders group in keycloak
Membership._add_or_remove_group(self._model)
name = {
'first_name': self._model.user.firstname,
'last_name': self._model.user.lastname
}
ActivityLogPublisher.publish_activity(
Activity(self._model.org_id,
ActivityAction.REMOVE_TEAM_MEMBER.value,
name=json.dumps(name),
id=self._model.user.id))
current_app.logger.debug('>deactivate_membership')
return self
def deactivate_membership(self, token_info: Dict = None):
"""Mark this membership as inactive."""
current_app.logger.debug('<deactivate_membership')
# if this is a member removing another member, check that they admin or owner
if self._model.user.username != token_info.get('username'):
check_auth(org_id=self._model.org_id, token_info=token_info, one_of_roles=(ADMIN, OWNER))
# check to ensure that owner isn't removed by anyone but an owner
if self._model.membership_type == OWNER:
check_auth(org_id=self._model.org_id, token_info=token_info, one_of_roles=(OWNER))
self._model.membership_status = MembershipStatusCodeModel.get_membership_status_by_code('INACTIVE')
current_app.logger.info(f'<deactivate_membership for {self._model.user.username}')
self._model.save()
self._model.commit()
current_app.logger.debug('>deactivate_membership')
return self
def get_membership_status_by_code(name):
"""Get a membership type by the given code."""
return MembershipStatusCodeModel.get_membership_status_by_code(
name=name)